Vulnerabilities > Dell > EMC Appsync
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-39586 | XXE vulnerability in Dell EMC Appsync Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. | 4.3 |
| 2024-02-08 | CVE-2024-22464 | Information Exposure Through Log Files vulnerability in Dell EMC Appsync Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. | 6.8 |
| 2022-04-21 | CVE-2022-24424 | Path Traversal vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. | 7.5 |
| 2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 8.8 |
| 2022-01-21 | CVE-2022-22552 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. | 6.1 |
| 2022-01-21 | CVE-2022-22553 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. | 9.8 |