CVE-2022-46675

Vulnerability

Wyse Management Suite Repository versions 3.8 and earlier contain an information disclosure vulnerability in error pages [1]. An unauthenticated attacker can trigger these error pages to reveal the internal structure of the application and its components [1].

Exploitation

An unauthenticated attacker with network access to the Wyse Management Suite Repository can send crafted requests that cause error pages to be generated [1]. No authentication or special privileges are required. The error pages expose details about the application's internal structure, such as file paths, configuration, or component names [1].

Impact

Successful exploitation allows the attacker to discover the internal structure of the application and its components [1]. This information can be used for further vulnerability research, potentially leading to more severe attacks, but the vulnerability itself does not directly result in data compromise or code execution [1].

Mitigation

Dell has released a security update as part of DSA-2022-329 to address this vulnerability [1]. Users should upgrade to the latest version of Wyse Management Suite Repository to mitigate the issue [1]. No workarounds are documented in the available references.