CVE-2022-22551

Summary

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

Affected Software

VendorProductVersion RangeStatus
DellAppSyncunspecified < 4.4affected

Weaknesses

  • CWE-598: CWE-598: Information Exposure Through Query Strings in GET Request

ADP Enrichment

CVE Program Container

Additional References

References