CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32744
https://notcve.org/view.php?id=CVE-2025-32744
21 Jul 2025 — Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. • https://www.dell.com/support/kbdoc/en-us/000345331/dsa-2025-277-security-update-for-dell-appsync-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36603
https://notcve.org/view.php?id=CVE-2025-36603
21 Jul 2025 — Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. • https://www.dell.com/support/kbdoc/en-us/000345331/dsa-2025-277-security-update-for-dell-appsync-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52542
https://notcve.org/view.php?id=CVE-2024-52542
17 Dec 2024 — Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. • https://www.dell.com/support/kbdoc/en-us/000261039/dsa-2024-496-security-update-for-dell-appsync-vulnerabilities • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
09 Oct 2024 — Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22464
https://notcve.org/view.php?id=CVE-2024-22464
08 Feb 2024 — Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. Dell EMC AppSync, versiones de 4.2.0.0 a 4.6.0.0, incluidas todas las vers... • https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24424
https://notcve.org/view.php?id=CVE-2022-24424
21 Apr 2022 — Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. Dell EMC AppSync versiones desde 3.9 a 4.3 contienen una vulnerabilidad de salto de ruta en el servidor AppSync. Un atacante remoto no autenticado puede explotar potencialmente esta vulnerabilidad para co... • https://www.dell.com/support/kbdoc/000197433 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22553
https://notcve.org/view.php?id=CVE-2022-22553
21 Jan 2022 — Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. Dell EMC AppSync versiones 3.9 a 4.3, contienen una vulnerabilidad de restricción inapropiada de intentos de autenticación excesivos que puede ser explotada desde la UI ... • https://www.dell.com/support/kbdoc/000195377 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22552
https://notcve.org/view.php?id=CVE-2022-22552
21 Jan 2022 — Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. Dell EMC AppSync versiones 3.9 a 4.3, contienen una vulnerabilidad de clickjacking en AppSync. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para engañar a la víctima para que ejecute operaciones de cambio de estado • https://www.dell.com/support/kbdoc/000195377 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22551
https://notcve.org/view.php?id=CVE-2022-22551
21 Jan 2022 — DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. DELL EMC AppSync versiones 3.9 a 4.3, usan el método de petición GET con cadenas de consulta confidenciales. Un atacante adyacente y no autenticado podría explotar esta vulnerabilidad y secuestrar la sesión de la víctima • https://www.dell.com/support/kbdoc/000195377 • CWE-384: Session Fixation CWE-598: Use of GET Request Method With Sensitive Query Strings •