CVE-2022-46754
Description
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Wyse Management Suite 3.8 and earlier has an improper access control vulnerability allowing authenticated admin users to access unauthorized pro license features.
Vulnerability
Wyse Management Suite versions 3.8 and earlier contain an improper access control vulnerability [1]. An authenticated malicious admin user can access certain pro license features for which they are not authorized, enabling configuration of user-controlled external entities.
Exploitation
An attacker with authenticated admin privileges can exploit this vulnerability over the network without user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) [1]. The attacker leverages the improper access control to invoke unauthorized pro license features.
Impact
Successful exploitation results in high confidentiality and integrity impact, as the attacker can configure external entities and potentially access sensitive information [1]. The scope is changed, meaning the compromise extends beyond the vulnerable component.
Mitigation
Dell has released a security update to address this vulnerability; refer to DSA-2022-329 for patching instructions [1]. Users should update Wyse Management Suite to the latest available version. No workarounds are documented.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=3.8
- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.