CVE-2022-22551 Vulnerability Details

  /     /     /  

CVE-2022-22551 Metadata Quick Info

CVE Published: 21/01/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: dell | Vendor: Dell | Product: AppSync
Status : PUBLISHED

---

CVE-2022-22551 Description

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

Metrics

CVSS Version: 3.1 | Base Score: 8.3 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-598
CWE Name: CWE-598: Information Exposure Through Query Strings in GET Request
Source: Dell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).