DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
Résumé: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Critical
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
Produits concernés et mesure corrective
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2021-11-18 | Initial Release |
Informations connexes
Mention légale
Produits concernés
Product Security Information, Wyse Management SuitePropriétés de l’article
Numéro d’article: 000193079
Type d’article: Dell Security Advisory
Dernière modification: 18 nov. 2021
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.