Risk | High |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2019-12900 CVE-2016-3189 CVE-2021-33503 CVE-2021-3712 |
CWE-ID | CWE-787 CWE-416 CWE-400 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Dell EMC AppSync Web applications / Remote management & hosting panels |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU19178
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12900
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionInstall update from vendor's website.
Vulnerable software versionsDell EMC AppSync: before 4.4.1.0
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000199436/10/en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3189
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause the target application to crash.
The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.
Successful exploitation of this vulnerability will result in denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC AppSync: before 4.4.1.0
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000199436/10/en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54077
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33503
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib3 when processing URL with multiple "@" characters in the authority component. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC AppSync: before 4.4.1.0
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000199436/10/en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56064
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3712
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsDell EMC AppSync: before 4.4.1.0
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000199436/10/en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.