CVE-2024-22464

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Dell EMC AppSync, versiones de 4.2.0.0 a 4.6.0.0, incluidas todas las versiones de Service Pack, contienen una exposición de vulnerabilidad de información confidencial en los registros del servidor de AppSync. Un atacante remoto con privilegios elevados podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de determinadas credenciales de usuario. Es posible que el atacante pueda utilizar las credenciales expuestas para acceder al sistema vulnerable con los privilegios de la cuenta comprometida.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-10 CVE Reserved
2024-02-08 CVE Published
2024-02-15 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-532: Insertion of Sensitive Information into Log File

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities	2024-02-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"		Emc Appsync Search vendor "Dell" for product "Emc Appsync"				>= 4.2.0.0 < 4.6.0.2 Search vendor "Dell" for product "Emc Appsync" and version " >= 4.2.0.0 < 4.6.0.2"		-		Affected