Path Traversal Vulnerability in Wyse Management Suite by Dell
CVE-2022-34365

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Wyse Management Suite
Vendor: CVE Published:; 10 August 2022

What is CVE-2022-34365?

The Wyse Management Suite version 3.7 by Dell is impacted by a path traversal vulnerability that could allow attackers to gain unauthorized read access to sensitive files on the server's filesystem. By exploiting this flaw in the Device API, an attacker may leverage the privileges of the running web application, leading to potential data exposure and compromise. Security measures and updates are essential to mitigate this risk and protect sensitive information.

Affected Version(s)

Wyse Management Suite < 3.8

References

https://www.dell.com/support/kbdoc/en-us/000201383/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jun 23, 2022