CVE-2022-22551

HIGH

DELL EMC AppSync <4.3 - Info Disclosure

Title source: llm

Description

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

References (1)

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/000195377

Scores

CVSS v3 8.3

EPSS 0.0014

EPSS Percentile 33.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Details

CWE

CWE-384 CWE-598

Status published

Products (1)

dell/emc_appsync < 4.4.0.0

Published Jan 21, 2022

Tracked Since Feb 18, 2026