CVE-2022-33927
Description
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. An unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite 3.6.1 and below has a session fixation vulnerability allowing unauthenticated attackers to hijack user sessions.
Vulnerability
Dell Wyse Management Suite (WMS) versions 3.7 and earlier, including 3.6.1, contain a session fixation vulnerability [1]. The bug allows an attacker to fixate a user's session identifier, enabling session hijacking.
Exploitation
An unauthenticated attacker can exploit this by taking advantage of a user with multiple active sessions [1]. The attacker must lure the user into using a session identifier controlled by the attacker, possibly through social engineering or by injecting a known session ID.
Impact
Successful exploitation allows the attacker to hijack a user's session [1], leading to potential disclosure of sensitive information and limited integrity impact (CVSS 5.4, AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
Mitigation
Dell has addressed this vulnerability in Wyse Management Suite version 3.7.1 [1]. Users should upgrade to this or later versions. No workarounds are mentioned in the referenced advisory.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.6.1
- Range: unspecified
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.