Details of VAR-202201-1882

ID

VAR-202201-1882

CVE

CVE-2022-22553

TITLE

Dell EMC AppSync Vulnerability in improperly limiting excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003867

DESCRIPTION

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. (DoS) It may be in a state. DELL EMC AppSync is a replication data management software of Dell (DELL). Provides a simple, SLA-driven, self-service way to protect, restore and clone critical Microsoft and Oracle applications and VMware environments

Trust: 1.8

sources: NVD: CVE-2022-22553 // JVNDB: JVNDB-2022-003867 // VULHUB: VHN-411180 // VULMON: CVE-2022-22553

AFFECTED PRODUCTS

vendor:	dell	model:	emc appsync	scope:	lt	version:	4.4.0.0	Trust: 1.0
vendor:	デル	model:	dell emc appsync	scope:	eq	version:	3.9 to 4.3	Trust: 0.8
vendor:	デル	model:	dell emc appsync	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-003867 // NVD: CVE-2022-22553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22553
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2022-22553
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22553
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202201-2176
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-411180
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-22553
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22553
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411180
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-22553
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411180 // VULMON: CVE-2022-22553 // JVNDB: JVNDB-2022-003867 // CNNVD: CNNVD-202201-2176 // NVD: CVE-2022-22553 // NVD: CVE-2022-22553

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.1
problemtype:	Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411180 // JVNDB: JVNDB-2022-003867 // NVD: CVE-2022-22553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-2176

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-2176

PATCH

title:	DSA-2022-003	url:	https://www.dell.com/support/kbdoc/ja-jp/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL EMC AppSync Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183801	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22553 // JVNDB: JVNDB-2022-003867 // CNNVD: CNNVD-202201-2176

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22553	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-003867	Trust: 0.8
db:	CNNVD	id:	CNNVD-202201-2176	Trust: 0.7
db:	CNVD	id:	CNVD-2022-06707	Trust: 0.1
db:	VULHUB	id:	VHN-411180	Trust: 0.1
db:	VULMON	id:	CVE-2022-22553	Trust: 0.1

sources: VULHUB: VHN-411180 // VULMON: CVE-2022-22553 // JVNDB: JVNDB-2022-003867 // CNNVD: CNNVD-202201-2176 // NVD: CVE-2022-22553

REFERENCES

url:	https://www.dell.com/support/kbdoc/000195377	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22553	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/307.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-411180 // VULMON: CVE-2022-22553 // JVNDB: JVNDB-2022-003867 // CNNVD: CNNVD-202201-2176 // NVD: CVE-2022-22553

SOURCES

db:	VULHUB	id:	VHN-411180
db:	VULMON	id:	CVE-2022-22553
db:	JVNDB	id:	JVNDB-2022-003867
db:	CNNVD	id:	CNNVD-202201-2176
db:	NVD	id:	CVE-2022-22553

LAST UPDATE DATE

2024-11-23T22:10:55.057000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411180	date:	2022-01-27T00:00:00
db:	VULMON	id:	CVE-2022-22553	date:	2022-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-003867	date:	2023-03-10T01:50:00
db:	CNNVD	id:	CNNVD-202201-2176	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-22553	date:	2024-11-21T06:47:00.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411180	date:	2022-01-21T00:00:00
db:	VULMON	id:	CVE-2022-22553	date:	2022-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-003867	date:	2023-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202201-2176	date:	2022-01-21T00:00:00
db:	NVD	id:	CVE-2022-22553	date:	2022-01-21T21:15:09.223