Vulnerability: Unauthenticated Session Hijacking in DELL EMC AppSync Versions 3.9 to 4.3

CVE-2022-22551 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

Learn more about our Web Application Penetration Testing UK.