33 results (0.009 seconds)

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files. • https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. • https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system. • https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. • https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities • CWE-284: Improper Access Control •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. • https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities • CWE-284: Improper Access Control •