Vulnerabilities > Dell > EMC Appsync > 3.9.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-24424 Path Traversal vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server.
network
low complexity
dell CWE-22
7.5
7.5
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
8.8
8.8
2022-01-21 CVE-2022-22552 Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync.
network
low complexity
dell CWE-1021
6.1
6.1
2022-01-21 CVE-2022-22553 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI.
network
low complexity
dell CWE-307
critical
 9.8
9.8