HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-24414

CVSS 7.6v3.1pub. 2022-05-26upd. 2024-11-21

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • Dell Cloudlink

    APP
    Dell
    ≤ 7.1.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-45378CRITICAL9.1PL ✓ten sam produkt

Dell CloudLink: command injection przez ucieczkę z restricted shell

CVE-2025-46364CRITICAL9.1PL ✓ten sam produkt

Dell CloudLink — CLI Escape umożliwia przejęcie kontroli nad systemem

CVE-2022-34379CRITICAL9.4ten sam produkt

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attac...

CVE-2022-34380CRITICAL9.3ten sam produkt

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Chan...

CVE-2021-36313CRITICAL9.1ten sam produkt

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high pri...