CVE-2024-39586 LOW

Vendor: Dell
Product: AppSync
Weakness: CWE-611 · XXE
Published: October 9, 2024
Last update: October 9, 2024

CVSS base score

2.9/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01 Description

Dell AppSync Server, versions 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent, high-privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Key dates

02 Disclosure timeline

October 9, 2024: CVE published
October 9, 2024: Record updated