Vulnerability Details CVE-2022-24414
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.0%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 4.0
References
Products affected by CVE-2022-24414
-
cpe:2.3:a:dell:cloudlink:-
-
cpe:2.3:a:dell:cloudlink:4.0
-
cpe:2.3:a:dell:cloudlink:5.0
-
cpe:2.3:a:dell:cloudlink:5.5
-
cpe:2.3:a:dell:cloudlink:6.0
-
cpe:2.3:a:dell:cloudlink:6.5
-
cpe:2.3:a:dell:cloudlink:6.6
-
cpe:2.3:a:dell:cloudlink:6.7
-
cpe:2.3:a:dell:cloudlink:6.8
-
cpe:2.3:a:dell:cloudlink:6.9
-
cpe:2.3:a:dell:cloudlink:7.0
-
cpe:2.3:a:dell:cloudlink:7.0.1
-
cpe:2.3:a:dell:cloudlink:7.0.2
-
cpe:2.3:a:dell:cloudlink:7.1
-
cpe:2.3:a:dell:cloudlink:7.1.1
-
cpe:2.3:a:dell:cloudlink:7.1.2
-
cpe:2.3:a:dell:cloudlink:7.1.3