Details of VAR-202203-1267

ID

VAR-202203-1267

CVE

CVE-2022-24424

TITLE

Dell's Dell EMC AppSync Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008691

DESCRIPTION

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. DELL EMC AppSync is a replication data management software of Dell (DELL). Provides a simple, SLA-driven, self-service way to protect, restore and clone critical Microsoft and Oracle applications and VMware environments

Trust: 1.8

sources: NVD: CVE-2022-24424 // JVNDB: JVNDB-2022-008691 // VULHUB: VHN-414171 // VULMON: CVE-2022-24424

AFFECTED PRODUCTS

vendor:	dell	model:	emc appsync	scope:	lt	version:	4.4.0.0	Trust: 1.0
vendor:	dell	model:	emc appsync	scope:	gte	version:	3.9.0.0	Trust: 1.0
vendor:	デル	model:	dell emc appsync	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc appsync	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc appsync	scope:	eq	version:	3.9.0.0 that's all 4.4.0.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-008691 // NVD: CVE-2022-24424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24424
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-24424
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24424
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-1561
value:	HIGH
Trust: 0.6
VULHUB:	VHN-414171
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-24424
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-24424
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-414171
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-24424
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-24424
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-414171 // VULMON: CVE-2022-24424 // JVNDB: JVNDB-2022-008691 // CNNVD: CNNVD-202203-1561 // NVD: CVE-2022-24424 // NVD: CVE-2022-24424

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-414171 // JVNDB: JVNDB-2022-008691 // NVD: CVE-2022-24424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1561

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202203-1561

PATCH

title:

DELL EMC AppSync Repair measures for path traversal vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190333

Trust: 0.6

sources: CNNVD: CNNVD-202203-1561

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24424	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-008691	Trust: 0.8
db:	CS-HELP	id:	SB2022031705	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1561	Trust: 0.6
db:	CNVD	id:	CNVD-2022-42740	Trust: 0.1
db:	VULHUB	id:	VHN-414171	Trust: 0.1
db:	VULMON	id:	CVE-2022-24424	Trust: 0.1

sources: VULHUB: VHN-414171 // VULMON: CVE-2022-24424 // JVNDB: JVNDB-2022-008691 // CNNVD: CNNVD-202203-1561 // NVD: CVE-2022-24424

REFERENCES

url:	https://www.dell.com/support/kbdoc/000197433	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24424	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-24424/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031705	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-414171 // VULMON: CVE-2022-24424 // JVNDB: JVNDB-2022-008691 // CNNVD: CNNVD-202203-1561 // NVD: CVE-2022-24424

SOURCES

db:	VULHUB	id:	VHN-414171
db:	VULMON	id:	CVE-2022-24424
db:	JVNDB	id:	JVNDB-2022-008691
db:	CNNVD	id:	CNNVD-202203-1561
db:	NVD	id:	CVE-2022-24424

LAST UPDATE DATE

2024-11-23T22:44:02.829000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414171	date:	2022-05-03T00:00:00
db:	VULMON	id:	CVE-2022-24424	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-008691	date:	2023-07-28T08:06:00
db:	CNNVD	id:	CNNVD-202203-1561	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-24424	date:	2024-11-21T06:50:23.957

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414171	date:	2022-04-21T00:00:00
db:	VULMON	id:	CVE-2022-24424	date:	2022-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-008691	date:	2023-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202203-1561	date:	2022-03-17T00:00:00
db:	NVD	id:	CVE-2022-24424	date:	2022-04-21T21:15:07.870