Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
Dell EMC CloudLink 信息泄露漏洞
Vulnerability Description
Dell EMC CloudLink是美国戴尔(Dell)公司的一种灵活的数据加密和密钥管理解决方案。用于公共、私有和混合云环境中的数据加密。 Dell EMC CloudLink 7.1.3版本及之前版本存在安全漏洞。攻击者利用该漏洞使用令牌访问 CloudLink 服务器。
CVSS Information
N/A
Vulnerability Type
N/A