Page 2 of 8 results (0.002 seconds)

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. Dell EMC CloudLink versiones 7.1.3 y todas las versiones anteriores, el token de autenticación es expuesto en las peticiones GET. • https://www.dell.com/support/kbdoc/en-us/000197425/dsa-2022-064-dell-emc-cloudlink-security-update-for-security-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. Dell EMC CloudLink versiones 7.1 y todas las versiones anteriores, contienen una vulnerabilidad de contraseña Embebida. Un atacante remoto con altos privilegios, con el conocimiento de las credenciales codificadas, puede potencialmente explotar esta vulnerabilidad para obtener acceso no autorizado al sistema • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-259: Use of Hard-coded Password •