CVE-2022-22553

Published: Jan 21, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

Affected (1)

Products: Dell: Emc Appsync

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Appsync	Before 4.4.0.0

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://www.dell.com/support/kbdoc/000195377

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000195377

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.