DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
Сводка: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Critical
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
Затронутые продукты и исправление
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
История изменений
| Revision | Date | Description |
| 1.0 | 2021-11-18 | Initial Release |
Связанная информация
Правовая оговорка
Затронутые продукты
Product Security Information, Wyse Management SuiteСвойства статьи
Номер статьи: 000193079
Тип статьи: Dell Security Advisory
Последнее изменение: 18 Nov 2021
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.