DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
Summary: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
Επηρεαζόμενα προϊόντα και αποκατάσταση
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-11-18 | Initial Release |
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
Product Security Information, Wyse Management SuiteΙδιότητες άρθρου
Article Number: 000193079
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 18 Νοε 2021
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.