PT-2022-15521 · Dell Emc · Dell Emc Appsync
Published
2022-01-21
·
Updated
2022-01-27
·
CVE-2022-22553
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell EMC AppSync versions 3.9 to 4.3
Description
The issue allows an adjacent unauthenticated attacker to potentially exploit the vulnerability, leading to password brute-forcing. This can result in account takeover if weak passwords are used by users. The vulnerability can be exploited from both the UI and CLI.
Recommendations
For Dell EMC AppSync versions 3.9 to 4.3, consider implementing additional security measures to restrict excessive authentication attempts, such as rate limiting or IP blocking, until a patch is available. As a temporary workaround, enforce strong password policies to minimize the risk of account takeover due to weak passwords.
Fix
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Appsync