cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49596,https://securityvulnerability.io/vulnerability/CVE-2024-49596,Dell Wyse Management Suite Vulnerability Could Lead to Denial of Service and File Deletion,"Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion",Dell,"Wyse Management Suite,Wyse Management Suite Repository",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T02:56:14.374Z,0
CVE-2024-49597,https://securityvulnerability.io/vulnerability/CVE-2024-49597,Dell Wyse Management Suite Vulnerability Could Lead to Protection Mechanism Bypass,"The vulnerability in Dell Wyse Management Suite, specifically versions 4.4 and earlier, relates to an improper restriction of excessive authentication attempts. This flaw could be exploited by attackers with high privileges and remote access, allowing them to bypass established protection mechanisms. Such an exploitation could lead to unauthorized access and pose significant security risks for systems managed by Wyse Management Suite.",Dell,Wyse Management Suite,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T02:50:47.797Z,0
CVE-2024-49595,https://securityvulnerability.io/vulnerability/CVE-2024-49595,Dell Wyse Management Suite vulnerability: Authentication Bypass risk,"The Dell Wyse Management Suite has been found to contain an Authentication Bypass vulnerability that could allow high-privileged attackers with remote access to exploit the system. This could potentially result in unauthorized actions leading to Denial of Service. Affected versions include 4.4 and earlier, emphasizing the need for immediate attention from users of the product to secure their systems against potential exploitation.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T02:46:18.221Z,0
CVE-2023-32483,https://securityvulnerability.io/vulnerability/CVE-2023-32483,Sensitive Information Disclosure in Wyse Management Suite by Dell,"Wyse Management Suite versions prior to 4.0 are susceptible to a sensitive information disclosure vulnerability, which can be exploited by an authenticated attacker with local system access. This vulnerability enables the malicious actor to read sensitive data logged by the application, posing a significant risk to data confidentiality.",Dell,Wyse Management Suite,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-20T12:15:00.000Z,0
CVE-2023-32481,https://securityvulnerability.io/vulnerability/CVE-2023-32481,Denial-of-Service Vulnerability in Wyse Management Suite by Dell,"A denial-of-service vulnerability exists in Wyse Management Suite versions prior to 4.0, allowing an authenticated malicious user to exploit the system. By flooding the configured SMTP server with a vast number of requests, the attacker can disrupt access to the management suite, preventing legitimate users from utilizing its services effectively.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-07-20T12:15:00.000Z,0
CVE-2023-32482,https://securityvulnerability.io/vulnerability/CVE-2023-32482,Improper Authorization Vulnerability in Wyse Management Suite by Dell,"Wyse Management Suite versions before 4.0 are susceptible to an improper authorization vulnerability. This flaw allows an authenticated attacker with privileged access to erroneously push configurations to unauthorized tenant groups, potentially compromising the integrity of system management and data security.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-07-20T12:15:00.000Z,0
CVE-2022-46755,https://securityvulnerability.io/vulnerability/CVE-2022-46755,Improper Access Control in Wyse Management Suite by Dell,"Wyse Management Suite versions 3.8 and earlier have a vulnerability that allows an authenticated malicious admin user to edit general client policies for which they do not have authorization. This could lead to unauthorized changes and potential disruption in management operations, posing a significant risk to system integrity and security.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-46675,https://securityvulnerability.io/vulnerability/CVE-2022-46675,Information Disclosure in Wyse Management Suite by Dell,Wyse Management Suite versions 3.8 and earlier are susceptible to an information disclosure vulnerability. This flaw allows unauthenticated attackers to potentially reveal the internal architecture and components of the application. The exposed information could be leveraged for further exploitation and research into additional vulnerabilities. Organizations utilizing affected versions should prioritize updating their installations to mitigate possible security risks.,Dell,Wyse Management Suite,5.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-46676,https://securityvulnerability.io/vulnerability/CVE-2022-46676,Improper Access Control in Wyse Management Suite by Dell,"Wyse Management Suite versions 3.8 and earlier are susceptible to an improper access control vulnerability. This issue allows a malicious administrator to disable or delete user accounts, including those of unassigned admins, from within the administration interface. Such unauthorized actions can disrupt user access and management functionality, creating potential security risks for organizations relying on this software.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-46677,https://securityvulnerability.io/vulnerability/CVE-2022-46677,Improper Access Control in Wyse Management Suite by Dell,The Wyse Management Suite versions 3.8 and earlier are prone to an improper access control vulnerability. This flaw enables a custom group admin to create a subgroup within a group for which they do not possess the necessary authorization. Such a security gap could potentially facilitate unauthorized access and manipulation of group settings and resources.,Dell,Wyse Management Suite,6.8,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-46678,https://securityvulnerability.io/vulnerability/CVE-2022-46678,Improper Access Control in Wyse Management Suite by Dell,"The Wyse Management Suite by Dell, specifically versions 3.8 and below, contains a vulnerability characterized by improper access control. This vulnerability allows an authenticated malicious admin user to modify general client policies beyond their authorization level, potentially leading to unauthorized changes in system configurations and policies.",Dell,Wyse Management Suite,4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-46754,https://securityvulnerability.io/vulnerability/CVE-2022-46754,Access Control Flaw in Wyse Management Suite by Dell,"An improper access control vulnerability exists in Wyse Management Suite 3.8 and earlier, which allows authenticated malicious admin users to access pro license features without the required permissions. This access could enable these users to configure external entities controlled by users, posing significant security risks. Organizations using affected versions should implement necessary updates and security measures to mitigate potential exploitation.",Dell,Wyse Management Suite,8.7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-33930,https://securityvulnerability.io/vulnerability/CVE-2022-33930,Information Disclosure Vulnerability in Dell Wyse Management Suite,"The Dell Wyse Management Suite, specifically version 3.6.1 and earlier, is susceptible to a vulnerability that can lead to information disclosure. This issue arises from improper handling of error pages in devices managed by the suite. Attackers exploiting this vulnerability could potentially gain access to sensitive information, which might be leveraged to conduct further attacks or enhance their malicious research efforts. It is crucial for users to ensure they are running the latest version and to apply security updates to mitigate the risks associated with this vulnerability.",Dell,Wyse Management Suite,4.3,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33926,https://securityvulnerability.io/vulnerability/CVE-2022-33926,Improper Access Control in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier have a significant improper access control flaw that allows a remote attacker to exploit the system. Through this vulnerability, an attacker can retain unauthorized access to a file repository even after their access rights have been revoked. Organizations using the affected versions should prioritize security updates to mitigate the risk associated with this vulnerability.",Dell,Wyse Management Suite,7.1,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-34365,https://securityvulnerability.io/vulnerability/CVE-2022-34365,Path Traversal Vulnerability in Wyse Management Suite by Dell,"The Wyse Management Suite version 3.7 by Dell is impacted by a path traversal vulnerability that could allow attackers to gain unauthorized read access to sensitive files on the server's filesystem. By exploiting this flaw in the Device API, an attacker may leverage the privileges of the running web application, leading to potential data exposure and compromise. Security measures and updates are essential to mitigate this risk and protect sensitive information.",Dell,Wyse Management Suite,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33931,https://securityvulnerability.io/vulnerability/CVE-2022-33931,Improper Access Control in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to an improper access control vulnerability within their user interface. This flaw allows an unauthorized attacker to manipulate alert categories without having access to the Alert Classification page, potentially compromising the integrity of the system's alert management. Organizations utilizing these affected versions should prioritize updating to mitigate this security risk.",Dell,Wyse Management Suite,6.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33924,https://securityvulnerability.io/vulnerability/CVE-2022-33924,Improper Access Control in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to an improper access control vulnerability. This weakness allows attackers without necessary access privileges to exploit the system and create unauthorized rules, potentially leading to further compromises. It is critical for users to apply security updates promptly to mitigate any associated risks.",Dell,Wyse Management Suite,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33925,https://securityvulnerability.io/vulnerability/CVE-2022-33925,Access Control Weakness in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier suffer from an improper access control vulnerability within its user interface. This issue allows remote authenticated attackers to bypass intended access restrictions, potentially enabling them to download sensitive reports that could compromise confidential information. Organizations using affected versions should evaluate their security posture and apply updates or mitigations to safeguard against potential exploitation.",Dell,Wyse Management Suite,6.5,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33927,https://securityvulnerability.io/vulnerability/CVE-2022-33927,Session Fixation Vulnerability in Dell Wyse Management Suite,"The Dell Wyse Management Suite 3.6.1 and earlier versions are susceptible to a session fixation vulnerability. This allows unauthenticated attackers to exploit scenarios where a user has multiple active sessions, potentially enabling the hijacking of a user's session. Proper session management mechanisms should be implemented to mitigate this risk.",Dell,Wyse Management Suite,5.4,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33928,https://securityvulnerability.io/vulnerability/CVE-2022-33928,Plain-text Password Storage Vulnerability in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to a vulnerability that allows the storage of user credentials in plain text. This issue permits an attacker with limited privileges to access potentially sensitive information, enabling them to compromise user accounts and gain unauthorized access to the application. Immediate action is recommended to mitigate the risks associated with this vulnerability.",Dell,Wyse Management Suite,6.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-33929,https://securityvulnerability.io/vulnerability/CVE-2022-33929,Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to a reflected cross-site scripting vulnerability located in the EndUserSummary page. This flaw allows an authenticated attacker to inject and execute malicious HTML or JavaScript code within the web browser of an impacted user. If exploited, this vulnerability may lead to serious consequences such as information disclosure, session hijacking, and client-side request forgery, posing a significant risk to user security and data integrity.",Dell,Wyse Management Suite,6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-08-10T17:15:00.000Z,0
CVE-2022-29090,https://securityvulnerability.io/vulnerability/CVE-2022-29090,Sensitive Data Exposure Vulnerability in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are subject to a vulnerability that exposes sensitive data. A low privileged attacker could exploit this weakness to gain access to credentials stored within the system. Once these credentials are obtained, the attacker may perform unauthorized actions on the target device, posing significant security risks to organizations utilizing the affected services. It is essential for users to review their systems and apply necessary updates to mitigate this vulnerability.",Dell,Wyse Management Suite,8.5,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-07-18T00:00:00.000Z,0
CVE-2022-29096,https://securityvulnerability.io/vulnerability/CVE-2022-29096,Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 3.6.1 and earlier are susceptible to a reflected cross-site scripting (XSS) vulnerability found on the saveGroupConfigurations page. This weakness allows an authenticated attacker to inject malicious HTML or JavaScript code, which could be executed in the browser of a user interacting with the vulnerable application. Such exploitation poses significant risks, including but not limited to information disclosure, session theft, and client-side request forgery. It is crucial for users of affected versions to implement security updates to mitigate these risks.",Dell,Wyse Management Suite,6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-24T17:15:00.000Z,0
CVE-2022-29097,https://securityvulnerability.io/vulnerability/CVE-2022-29097,Path Traversal Vulnerability in Dell Wyse Management Suite,"A vulnerability exists in Dell Wyse Management Suite versions 3.6.1 and earlier that allows a remote attacker to exploit path traversal flaws within the Device API. This exploitation can potentially provide unauthorized read access to sensitive files located on the server's filesystem, enabling attackers to access data with the same permissions as the running web application.",Dell,Wyse Management Suite,4.9,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2022-06-24T17:15:00.000Z,0
CVE-2022-23155,https://securityvulnerability.io/vulnerability/CVE-2022-23155,Unrestricted File Upload Vulnerability in Dell Wyse Management Suite,"Dell Wyse Management Suite versions 2.0 through 3.5.2 are susceptible to an unrestricted file upload vulnerability. This issue allows an attacker with administrative privileges to upload malicious files, which could lead to arbitrary code execution on the server. If exploited, this vulnerability poses a significant security risk as it could enable unauthorized actions within the system. It is crucial for users to be aware of this vulnerability and take necessary measures to secure their installations.",Dell,Wyse Management Suite,7.2,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-04-01T20:15:00.000Z,0