CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32458
https://notcve.org/view.php?id=CVE-2023-32458
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. Dell AppSync, versiones 4.4.0.0 a 4.6.0.0, incluidas las versiones de Service Pack, contiene una vulnerabilidad de control de acceso inadecuado en el componente Embedded Service Enabler. Un usuario malintencionado local podría explotar esta vulnerabilidad durante la instalación, lo que provocaría una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000218038/dsa-2023-331-dell-emc-appsync-security-update-for-dell-embedded-service-enabler-vulnerability • CWE-284: Improper Access Control •