DSA-2025-226: Security Update for Dell Wyse Management Suite (WMS) for Multiple Vulnerabilities

摘要: Dell Wyse Management Suite (WMS) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。

影响

High

详情

Third-party Component

CVEs

 More Information

EMSDK

CVE-2024-6763, CVE-2024-8184

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-36574

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36575

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

7.5

 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36578

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

6.8

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36580

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

6.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36577

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

6.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36576

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-36574

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36575

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

7.5

 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36578

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

6.8

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36580

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

6.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36577

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

6.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-36576

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

2.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs addressed

Product

Affected Versions

Remediated Versions

Release Date

Link

CVE-2024-6763, CVE-2024-8184, CVE-2025-36574, CVE-2025-36575, CVE-2025-36578, CVE-2025-36580, CVE-2025-36577, CVE-2025-36576

Dell Wyse Management Suite

Versions prior to 5.2

Version

5.2 or later

06/02/2025

Dell Wyse Management Suite

 

CVEs addressed

Product

Affected Versions

Remediated Versions

Release Date

Link

CVE-2024-6763, CVE-2024-8184, CVE-2025-36574, CVE-2025-36575, CVE-2025-36578, CVE-2025-36580, CVE-2025-36577, CVE-2025-36576

Dell Wyse Management Suite

Versions prior to 5.2

Version

5.2 or later

06/02/2025

Dell Wyse Management Suite

 

修订历史记录

Revision

Date

Description

1.0

2025-06-10

Initial Release

 

确认

CVE-2025-36574, CVE-2025-36575: Dell would like to thank Justin Hocquel NCIA/NCSC Researcher for reporting this issue.

相关信息

受影响的产品

Wyse Management Suite
文章属性
文章编号: 000325679
文章类型: Dell Security Advisory
上次修改时间: 10 6月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。