CVE-2022-22553

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
dellCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
dellemc_appsync
𝑥
< 4.4.0.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellappsync
𝑥
< 4.4
CNA
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/000195377
https://www.dell.com/support/kbdoc/000195377