Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LDell Cloudlink
APPDell≤ 7.1.3
Powiązane podatności
Dell CloudLink: command injection przez ucieczkę z restricted shell
Dell CloudLink — CLI Escape umożliwia przejęcie kontroli nad systemem
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attac...
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Chan...
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high pri...