DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.
Summary: Dell Wyse Management Suite (WMS) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Third-Party Component |
CVEs |
More information |
|---|---|---|
| JQuery UI Library |
CVE-2021-41184 |
See NVD |
for individual scores for each CVE| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
| CVE-2022-29096 |
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
6.1 |
|
| CVE-2022-29097 |
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
4.9 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
| CVE-2022-29096 |
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
6.1 |
|
| CVE-2022-29097 |
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
4.9 |
Affected Products & Remediation
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell Wyse Management Suite |
3.6.1 and earlier |
3.7 |
|
| Product |
Affected Versions |
Updated Versions |
Link to Update |
| Dell Wyse Management Suite |
3.6.1 and earlier |
3.7 |
|
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2022-05-31 |
Initial Release |
Acknowledgements
CVE-2022-29097: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Product Security Information, Wyse Management SuiteArticle Properties
Article Number: 000200215
Article Type: Dell Security Advisory
Last Modified: 27 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.