DSA-2021-224: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
Samenvatting: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Critical
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36336 | Dell Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that may allow an unauthenticated attacker to execute code on the affected system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36337 | Dell Wyse Management Suite 3.3.1 and below versions support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which may be susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3711 | OpenSSL Security Advisory |
| CVE-2021-3712 | ||
| Apache Tomcat | CVE-2021-33037 | See NVD (https://nvd.nist.gov/ ) for individual score for CVE. |
Getroffen producten en herstel
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711 | Dell Wyse Management Suite Import Tool | 1.7.0.68 and earlier | 1.7.0.69 | Dell Wyse Management Suite Import Tool |
| CVE-2021-3712 | ||||
| CVE-2021-3712 | Dell Wyse Management Suite | 3.3.1 and earlier | 3.5 | Dell Wyse Management Suite |
| CVE-2021-33037 | ||||
| CVE-2021-36336 | ||||
| CVE-2021-36337 |
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2021-11-18 | Initial Release |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Product Security Information, Wyse Management SuiteArtikeleigenschappen
Artikelnummer: 000193079
Artikeltype: Dell Security Advisory
Laatst aangepast: 18 nov. 2021
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.