Description
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000195377
Scores
CVSS v3
8.3
EPSS
0.0039
EPSS Percentile
30.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-384
CWE-598
Status
published
Products (1)
dell/emc_appsync
< 4.4.0.0
Published
Jan 21, 2022
Tracked Since
Feb 18, 2026