DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
Summary: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-11-18 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
Product Security Information, Wyse Management SuiteArticle Properties
Article Number: 000193079
Article Type: Dell Security Advisory
Last Modified: 18 Nov 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.