Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
History

Thu, 17 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell emc Appsync
CPEs cpe:2.3:a:dell:emc_appsync:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell emc Appsync

Wed, 09 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 07:00:00 +0000

Type Values Removed Values Added
Description Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
Weaknesses CWE-611
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-10-09T06:48:53.639Z

Updated: 2024-10-09T13:25:52.908Z

Reserved: 2024-06-26T02:16:08.993Z

Link: CVE-2024-39586

cve-icon Vulnrichment

Updated: 2024-10-09T13:25:46.160Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-09T07:15:09.473

Modified: 2024-10-17T14:30:02.843

Link: CVE-2024-39586

cve-icon Redhat

No data.