Wyse Management Suite Repository
by Dell
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29096 | 0.00 | — | 0.01 | Jun 24, 2022 | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim… | |||
| CVE-2022-23155 | 0.00 | — | 0.01 | Apr 1, 2022 | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | |||
| CVE-2021-36337 | 0.00 | — | 0.00 | Dec 21, 2021 | Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | |||
| CVE-2021-36336 | 0.00 | — | 0.03 | Dec 21, 2021 | Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | |||
| CVE-2021-21587 | 0.00 | — | 0.05 | Jul 15, 2021 | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. | |||
| CVE-2021-21533 | 0.00 | — | 0.00 | Apr 2, 2021 | Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details | |||
| CVE-2020-29498 | 0.00 | — | 0.00 | Jan 4, 2021 | Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously… | |||
| CVE-2020-29497 | 0.00 | — | 0.00 | Jan 4, 2021 | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users… | |||
| CVE-2020-29496 | 0.00 | — | 0.00 | Jan 4, 2021 | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim… | |||
| CVE-2019-3770 | 0.00 | — | 0.00 | Mar 13, 2020 | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim… | |||
| CVE-2019-3769 | 0.00 | — | 0.00 | Mar 13, 2020 | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access… |
- CVE-2022-29096Jun 24, 2022risk 0.00cvss —epss 0.01
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim…
- CVE-2022-23155Apr 1, 2022risk 0.00cvss —epss 0.01
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.
- CVE-2021-36337Dec 21, 2021risk 0.00cvss —epss 0.00
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
- CVE-2021-36336Dec 21, 2021risk 0.00cvss —epss 0.03
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.
- CVE-2021-21587Jul 15, 2021risk 0.00cvss —epss 0.05
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.
- CVE-2021-21533Apr 2, 2021risk 0.00cvss —epss 0.00
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details
- CVE-2020-29498Jan 4, 2021risk 0.00cvss —epss 0.00
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously…
- CVE-2020-29497Jan 4, 2021risk 0.00cvss —epss 0.00
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users…
- CVE-2020-29496Jan 4, 2021risk 0.00cvss —epss 0.00
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim…
- CVE-2019-3770Mar 13, 2020risk 0.00cvss —epss 0.00
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim…
- CVE-2019-3769Mar 13, 2020risk 0.00cvss —epss 0.00
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access…
Page 3 of 3