cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52542,https://securityvulnerability.io/vulnerability/CVE-2024-52542,Symlink Following Vulnerability in Dell AppSync,"CVE-2024-52542 is a high-risk Symlink Following vulnerability identified in Dell AppSync version 4.6.0.x. This vulnerability allows a low privileged attacker with local access to manipulate and tamper with sensitive information. Exploitation of this flaw could result in unauthorized access to critical data, emphasizing the need for prompt updates and security measures. Dell has released a security update to address this issue. For more details, please refer to the official advisory.",Dell,Appsync,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T11:33:54.239Z,0
CVE-2024-39586,https://securityvulnerability.io/vulnerability/CVE-2024-39586,Dell AppSync Server XML External Entity Injection Vulnerability,"Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.",Dell,Appsync,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-09T06:48:53.639Z,0
CVE-2024-22464,https://securityvulnerability.io/vulnerability/CVE-2024-22464,Dell EMC AppSync Vulnerability Exposes Sensitive Information,"Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.",Dell,AppSync,6.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-08T09:23:48.927Z,0
CVE-2023-32458,https://securityvulnerability.io/vulnerability/CVE-2023-32458,Privilege Escalation Vulnerability in Dell AppSync Embedded Service Enabler,"The Dell AppSync product family, specifically versions from 4.4.0.0 to 4.6.0.0 and their Service Pack releases, is vulnerable to an improper access control issue within the Embedded Service Enabler component. This vulnerability may allow a local malicious user to exploit weaknesses during installation processes, potentially leading to unauthorized privilege escalation. Users are advised to review security advisories and apply relevant updates to mitigate risks.",Dell,Dell Emc Appsync,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-27T16:21:00.000Z,0
CVE-2022-24424,https://securityvulnerability.io/vulnerability/CVE-2022-24424,Path Traversal Vulnerability in Dell EMC AppSync Server,"Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability that allows an unauthenticated remote attacker to exploit the AppSync server. By taking advantage of this vulnerability, an attacker can potentially gain unauthorized read access to files located on the server's filesystem, executing actions with the privileges of the web application in use. This may lead to exposure of sensitive data and necessitates immediate attention and remediation.",Dell,Appsync,7.5,HIGH,0.0031999999191612005,false,,false,false,false,,,false,false,,2022-04-21T21:15:00.000Z,0
CVE-2022-22551,https://securityvulnerability.io/vulnerability/CVE-2022-22551,Session Hijacking Vulnerability in DELL EMC AppSync,"DELL EMC AppSync versions 3.9 to 4.3 are vulnerable due to the use of the GET request method carrying sensitive query strings. This could allow an adjacent, unauthenticated attacker to exploit the vulnerability and hijack the session of unsuspecting users, potentially leading to unauthorized actions and data exposure.",Dell,Appsync,8.3,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2022-01-21T21:15:00.000Z,0
CVE-2022-22553,https://securityvulnerability.io/vulnerability/CVE-2022-22553,Improper Restriction of Excessive Authentication Attempts in Dell EMC AppSync,"Dell EMC AppSync versions 3.9 through 4.3 are susceptible to an improper restriction vulnerability that allows adjacent unauthenticated attackers to exploit the system via both the user interface and command line interface. This flaw can facilitate brute-force password attempts, potentially leading to unauthorized access if users employ weak password practices. It underscores the importance of strong password policies and proper authentication mechanisms to safeguard user accounts.",Dell,Appsync,8.1,HIGH,0.002899999963119626,false,,false,false,false,,,false,false,,2022-01-21T21:15:00.000Z,0
CVE-2022-22552,https://securityvulnerability.io/vulnerability/CVE-2022-22552,Clickjacking Vulnerability in Dell EMC AppSync,"Dell EMC AppSync versions 3.9 through 4.3 are susceptible to a clickjacking vulnerability. This issue permits remote unauthenticated attackers to potentially manipulate the user interface, tricking victims into performing unintended actions without their knowledge. Such operations could lead to changes in user state and unauthorized access to sensitive functionalities.",Dell,Appsync,6.9,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2022-01-21T21:15:00.000Z,0