Vulnerabilities > Dell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 8.8 |
| 2022-01-21 | CVE-2022-22552 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. | 6.1 |
| 2022-01-21 | CVE-2022-22553 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. | 9.8 |
| 2021-12-21 | CVE-2021-36316 | Improper Privilege Management vulnerability in Dell EMC Avamar Server Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. | 7.2 |
| 2021-12-21 | CVE-2021-36317 | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. | 6.7 |
| 2021-12-21 | CVE-2021-36318 | Insufficiently Protected Credentials vulnerability in Dell EMC Avamar Server Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. | 6.7 |
| 2021-12-21 | CVE-2021-36336 | Deserialization of Untrusted Data vulnerability in Dell Wyse Management Suite Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | 9.8 |
| 2021-12-21 | CVE-2021-36337 | Inadequate Encryption Strength vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 7.4 |
| 2021-12-21 | CVE-2021-36341 | Information Exposure vulnerability in Dell Wyse Device Agent 14.5.4.1 Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. | 5.5 |
| 2021-12-21 | CVE-2021-36350 | Improper Authentication vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. | 7.5 |