Описание
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.9.0.0 (включая) до 4.4.0.0 (исключая)
cpe:2.3:a:dell:emc_appsync:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00666
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
EPSS
Процентиль: 71%
0.00666
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
CWE-22