Access Control Weakness in Dell Wyse Management Suite
CVE-2022-33925

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Wyse Management Suite
Vendor: CVE Published:; 10 August 2022

What is CVE-2022-33925?

Dell Wyse Management Suite versions 3.6.1 and earlier suffer from an improper access control vulnerability within its user interface. This issue allows remote authenticated attackers to bypass intended access restrictions, potentially enabling them to download sensitive reports that could compromise confidential information. Organizations using affected versions should evaluate their security posture and apply updates or mitigations to safeguard against potential exploitation.

Affected Version(s)

Wyse Management Suite < 3.7

References

https://www.dell.com/support/kbdoc/en-us/000201383/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jun 17, 2022