Vulnerabilities > CVE-2022-22552 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

dell

CWE-1021

NVD

Published: 2022-01-21

Updated: 2022-01-27

Summary

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell EMC Appsync *	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://www.dell.com/support/kbdoc/000195377