Artikelnummer: 000196005
Medium
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
| Revision | Date | Description |
| 1.0 | 2022-2-17 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Product Security Information, Wyse Management Suite
17 feb 2022
1
Dell Security Advisory