CVE Vulnerabilities

CVE-2022-34452

Use of GET Request Method With Sensitive Query Strings

Published: Feb 10, 2023 | Modified: Nov 21, 2024
CVSS 3.x
2.7
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.

Weakness

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Affected Software

Name Vendor Start Version End Version
Powerpath_management_appliance Dell 3.0 (including) 3.4 (excluding)

Potential Mitigations

References