DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities

Oversigt: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36336 Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36337 Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
 
Third-party Component CVEs More information
 OpenSSL CVE-2021-3711 OpenSSL Security Advisory
CVE-2021-3712
Apache Tomcat CVE-2021-33037 See NVD (https://nvd.nist.gov/ ) for individual score for CVE.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36336 Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36337 Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
 
Third-party Component CVEs More information
 OpenSSL CVE-2021-3711 OpenSSL Security Advisory
CVE-2021-3712
Apache Tomcat CVE-2021-33037 See NVD (https://nvd.nist.gov/ ) for individual score for CVE.
Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-3711 Dell Wyse Management Suite Import Tool 1.7.0.68 and earlier 1.7.0.69 Dell Wyse Management Suite Import Tool
CVE-2021-3712
CVE-2021-3712 Dell Wyse Management Suite 3.3.1 and earlier  3.5 Dell Wyse Management Suite
CVE-2021-33037
CVE-2021-36336
CVE-2021-36337
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2021-3711 Dell Wyse Management Suite Import Tool 1.7.0.68 and earlier 1.7.0.69 Dell Wyse Management Suite Import Tool
CVE-2021-3712
CVE-2021-3712 Dell Wyse Management Suite 3.3.1 and earlier  3.5 Dell Wyse Management Suite
CVE-2021-33037
CVE-2021-36336
CVE-2021-36337

Revisionshistorik

RevisionDateDescription
1.02021-11-18Initial Release

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

Product Security Information, Wyse Management Suite
Artikelegenskaber
Artikelnummer: 000193079
Artikeltype: Dell Security Advisory
Senest ændret: 18 nov. 2021
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.