CVE-2022-22551 Information

Description

DELL EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent unauthenticated attacker could potentially exploit this vulnerability and hijack the victim's session.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.dell.com/support/kbdoc/000195377

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
