CVE-2022-33925

Published Aug 10, 2022

Last updated 6 months ago

CVSS medium 6.5

Overview

Description: Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security_alert@emc.com: CWE-284
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A7348AD-CC08-4060-9709-DF24E4AFB092",
            "versionEndExcluding": "3.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.