exploitDog

CVE-2024-39586

Опубликовано: 09 окт. 2024

Источник: nvd

CVSS3: 2.9

CVSS3: 4.3

EPSS Низкий

Описание

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Ссылки

https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:emc_appsync:*:*:*:*:*:*:*:*

Версия от 4.3.0.0 (включая) до 4.6.0.3 (исключая)

EPSS

Процентиль: 6%

0.00029

Низкий

2.9 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-xx6g-8fh5-hq6c

CVSS3: 2.9

github

10 месяцев назад

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

EPSS

Процентиль: 6%

0.00029

Низкий

2.9 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-611