Article Number: 000206134
High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-46754 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | 8.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
CVE-2022-46755 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46677 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46678 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46676 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46675 | Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Third-party Component | CVEs | More information |
Swagger-UI (DOMPurify) | CVE-2020-26870 | See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE. |
OpenJDK | CVE-2022-34169 | |
Gson | CVE-2022-25647 |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-46754 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | 8.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
CVE-2022-46755 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious end user can edit general client policy for which the user is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46677 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46678 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46676 | Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-46675 | Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Third-party Component | CVEs | More information |
Swagger-UI (DOMPurify) | CVE-2020-26870 | See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE. |
OpenJDK | CVE-2022-34169 | |
Gson | CVE-2022-25647 |
Product | Affected Versions | Updated Versions | Link to Update |
Dell Wyse Management Suite | 3.8 and earlier | 4.0 | Dell Wyse Management Suite |
Dell Wyse Management Suite Repository | 3.8 and earlier | 4.0 | Dell Wyse Management Suite Repository |
Product | Affected Versions | Updated Versions | Link to Update |
Dell Wyse Management Suite | 3.8 and earlier | 4.0 | Dell Wyse Management Suite |
Dell Wyse Management Suite Repository | 3.8 and earlier | 4.0 | Dell Wyse Management Suite Repository |
Dell Technologies would like to thank Marius Gabriel Mihai for reporting CVE-2020-26870.
Revision | Date | Description |
1.0 | 2022-12-19 | Initial Release |
Wyse Management Suite
Product Security Information
09 Feb 2024
3
Dell Security Advisory