DSA-2022-030: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities

摘要: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。

影響

High

詳細資料

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-23155 Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges may potentially exploit this vulnerability in order to execute arbitrary code on the system. 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
Apache Log4j CVE-2021-44832 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-23155 Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges may potentially exploit this vulnerability in order to execute arbitrary code on the system. 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
Apache Log4j CVE-2021-44832 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product Affected Versions Updated Versions Link to Update
Dell Wyse Management Suite 2.0 to 3.5.2 3.6 Dell Wyse Management Suite
Product Affected Versions Updated Versions Link to Update
Dell Wyse Management Suite 2.0 to 3.5.2 3.6 Dell Wyse Management Suite

修訂歷史記錄

RevisionDateDescription
1.02022-02-17Initial Release

感謝

CVE-2022-23155: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.
 

相關資訊

受影響的產品

Product Security Information, Wyse Management Suite
文章屬性
文章編號: 000195918
文章類型: Dell Security Advisory
上次修改時間: 17 2月 2022
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。