CVE-2022-22551
21.01.2022, 21:15
Dell EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim session.
Vendor | Product | Version |
---|---|---|
dell | emc_appsync | 𝑥 < 4.4.0.0 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-598 - Use of GET Request Method With Sensitive Query Strings: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
- CWE-384 - Session Fixation: Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.