CVE-2022-33931

Published Aug 10, 2022

Last updated 6 months ago

CVSS medium 6.3

Overview

Description: Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

security_alert@emc.com: CWE-284
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A7348AD-CC08-4060-9709-DF24E4AFB092",
            "versionEndExcluding": "3.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.