Dell: >> Cloudlink >> 7.1.2 Security Vulnerabilities
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.
CVSS Score
9.3
EPSS Score
0.0
Published
2022-09-01
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.
CVSS Score
7.6
EPSS Score
0.003
Published
2022-05-26
Page 2