Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24414

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

Published

2022-05-26T16:15:07.920

Last Modified

2024-11-21T06:50:22.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-598
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dell cloudlink ≤ 7.1.3 Yes
References