CVE-2022-22551
EUVD-2022-2769721.01.2022, 21:15
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dell | emc_appsync | 𝑥 < 4.4.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-598 - Use of GET Request Method With Sensitive Query StringsThe web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
- CWE-384 - Session FixationAuthenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.