DSA-2022-030: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities
摘要: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23155 | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges may potentially exploit this vulnerability in order to execute arbitrary code on the system. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| Apache Log4j | CVE-2021-44832 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23155 | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges may potentially exploit this vulnerability in order to execute arbitrary code on the system. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| Apache Log4j | CVE-2021-44832 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
受影响的产品和补救措施
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Management Suite | 2.0 to 3.5.2 | 3.6 | Dell Wyse Management Suite |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Management Suite | 2.0 to 3.5.2 | 3.6 | Dell Wyse Management Suite |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2022-02-17 | Initial Release |
确认
CVE-2022-23155: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.
相关信息
法律免责声明
受影响的产品
Product Security Information, Wyse Management Suite文章属性
文章编号: 000195918
文章类型: Dell Security Advisory
上次修改时间: 17 2月 2022
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。