Vulnerability Details : CVE-2022-22552
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.
Exploit prediction scoring system (EPSS) score for CVE-2022-22552
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-22552
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
6.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H |
1.6
|
4.7
|
Dell |
CWE ids for CVE-2022-22552
-
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)
References for CVE-2022-22552
-
https://www.dell.com/support/kbdoc/000195377
DSA-2022-003: Dell EMC AppSync Security Update for Multiple Vulnerabilities | Dell NederlandPatch;Vendor Advisory
Products affected by CVE-2022-22552
- cpe:2.3:a:dell:emc_appsync:*:*:*:*:*:*:*:*