CVE-2022-22551
8.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | AppSync | unspecified < 4.4 | affected |
Weaknesses
- CWE-598: CWE-598: Information Exposure Through Query Strings in GET Request
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.