ID

VAR-202201-1883


CVE

CVE-2022-22551


TITLE

Session fixation vulnerability in Dell EMC AppSync

Trust: 0.8

sources: JVNDB: JVNDB-2022-003869

DESCRIPTION

Dell EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim's session. Dell EMC AppSync contains a session fixation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC AppSync is replication data management software from Dell. It provides a simple, SLA-driven, self-service way to protect, restore and clone critical Microsoft and Oracle applications and VMware environments.

Trust: 1.8

sources: NVD: CVE-2022-22551 // JVNDB: JVNDB-2022-003869 // VULHUB: VHN-411178 // VULMON: CVE-2022-22551

AFFECTED PRODUCTS

vendor: dell, model: emc appsync, scope: lt, version: 4.4.0.0

Trust: 1.0

vendor: デル, model: dell emc appsync, scope: eq, version: 3.9 to 4.3

Trust: 0.8

vendor: デル, model: dell emc appsync, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003869 // NVD: CVE-2022-22551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22551
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-22551
value: HIGH

Trust: 1.0

NVD: CVE-2022-22551
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-2174
value: HIGH

Trust: 0.6

VULHUB: VHN-411178
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22551
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22551
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411178
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22551
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-22551
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-22551
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411178 // VULMON: CVE-2022-22551 // JVNDB: JVNDB-2022-003869 // CNNVD: CNNVD-202201-2174 // NVD: CVE-2022-22551 // NVD: CVE-2022-22551

PROBLEMTYPE DATA

problemtype:CWE-384

Trust: 1.1

problemtype:CWE-598

Trust: 1.0

problemtype:Session fixation (CWE-384) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-411178 // JVNDB: JVNDB-2022-003869 // NVD: CVE-2022-22551

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2174

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202201-2174

PATCH

title: DSA-2022-003, url: https://www.dell.com/support/kbdoc/ja-jp/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: DELL EMC AppSync Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179976

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22551 // JVNDB: JVNDB-2022-003869 // CNNVD: CNNVD-202201-2174

EXTERNAL IDS

db: NVD, id: CVE-2022-22551

Trust: 3.4

db: JVNDB, id: JVNDB-2022-003869

Trust: 0.8

db: CNNVD, id: CNNVD-202201-2174

Trust: 0.7

db: CNVD, id: CNVD-2022-06705

Trust: 0.1

db: VULHUB, id: VHN-411178

Trust: 0.1

db: VULMON, id: CVE-2022-22551

Trust: 0.1

sources: VULHUB: VHN-411178 // VULMON: CVE-2022-22551 // JVNDB: JVNDB-2022-003869 // CNNVD: CNNVD-202201-2174 // NVD: CVE-2022-22551

REFERENCES

url:https://www.dell.com/support/kbdoc/000195377

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22551

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/384.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-411178 // VULMON: CVE-2022-22551 // JVNDB: JVNDB-2022-003869 // CNNVD: CNNVD-202201-2174 // NVD: CVE-2022-22551

SOURCES

db: VULHUB, id: VHN-411178
db: VULMON, id: CVE-2022-22551
db: JVNDB, id: JVNDB-2022-003869
db: CNNVD, id: CNNVD-202201-2174
db: NVD, id: CVE-2022-22551

LAST UPDATE DATE

2024-11-23T22:20:39.811000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-411178, date: 2022-01-27T00:00:00
db: VULMON, id: CVE-2022-22551, date: 2022-01-27T00:00:00
db: JVNDB, id: JVNDB-2022-003869, date: 2023-03-10T01:57:00
db: CNNVD, id: CNNVD-202201-2174, date: 2022-02-28T00:00:00
db: NVD, id: CVE-2022-22551, date: 2024-11-21T06:47:00.603

SOURCES RELEASE DATE

db: VULHUB, id: VHN-411178, date: 2022-01-21T00:00:00
db: VULMON, id: CVE-2022-22551, date: 2022-01-21T00:00:00
db: JVNDB, id: JVNDB-2022-003869, date: 2023-03-10T00:00:00
db: CNNVD, id: CNNVD-202201-2174, date: 2022-01-21T00:00:00
db: NVD, id: CVE-2022-22551, date: 2022-01-21T21:15:09.107