Path Traversal Vulnerability in Dell EMC AppSync Server
CVE-2022-24424

7.5HIGH

Key Information:

Vendor: Dell
Status: Appsync
Vendor: CVE Published:; 21 April 2022

What is CVE-2022-24424?

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability that allows an unauthenticated remote attacker to exploit the AppSync server. By taking advantage of this vulnerability, an attacker can potentially gain unauthorized read access to files located on the server's filesystem, executing actions with the privileges of the web application in use. This may lead to exposure of sensitive data and necessitates immediate attention and remediation.

Affected Version(s)

AppSync < 4.4.0.0

References

https://www.dell.com/support/kbdoc/000197433

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2022
Vulnerability Reserved
Feb 4, 2022