PT-2024-19439 · Dell Emc · Dell Emc Appsync

Published: 2024-02-08 · Updated: 2024-03-02 · CVE-2024-22464

CVSS v3.1: 6.2
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Dell EMC AppSync versions 4.2.0.0 through 4.6.0.0

Description:

AppSync server logs contain an exposure of sensitive information vulnerability. A high-privileged remote attacker could potentially exploit it, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with the privileges of the compromised account.

Recommendations:

For Dell EMC AppSync versions 4.2.0.0 through 4.6.0.0, consider restricting access to the AppSync server logs to minimize the risk of exploitation. As a temporary workaround, limit the privileges of accounts that could be compromised by the exposed credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2024-22464

Affected Products

Dell Emc Appsync