CVE-2022-33925
Description
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite 3.6.1 and below allows an authenticated attacker to bypass access controls and download reports with sensitive information.
Vulnerability
CVE-2022-33925 is an improper access control vulnerability in the UI component of Dell Wyse Management Suite versions 3.6.1 and below [1]. The vulnerability allows an authenticated remote attacker to bypass intended access controls and download reports that contain sensitive information [1].
Exploitation
An attacker must have valid low-privilege authentication to the Wyse Management Suite web interface [1]. No additional privileges are needed; the attacker can directly access the report download functionality that should be restricted [1]. The attack is network-based with low complexity and does not require user interaction [1].
Impact
Successful exploitation leads to unauthorized disclosure of sensitive information contained in reports [1]. The CVSS vector indicates a high impact on confidentiality (C:H) with no impact on integrity or availability (I:N/A:N), resulting in a base score of 6.5 [1].
Mitigation
Dell released Wyse Management Suite version 3.7 to address this vulnerability; users should upgrade to 3.7 or later [1]. No workaround is documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=3.6.1
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.