Wyse Management Suite
CVE-2021-21586
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.
AnalysisAI
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-36. Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. Affected products include: Dell Wyse Management Suite.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Wyse Management Suite
View allRemote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticat
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high sever
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVS
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie
A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 whi
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversa
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today