Wyse Management Suite Wms
Monthly
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries and gain unauthorized access to data and management functions. The CVSS 8.1 rating reflects high confidentiality and availability impact via network-reachable management interfaces, though no public exploit was identified at time of analysis.
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. The flaw is tagged with 'Authentication Bypass' implications, suggesting the SQLi could be leveraged to escalate beyond the attacker's initial low-privilege context.
Dell Wyse Management Suite (WMS) versions prior to 2605 ships with default credentials, enabling a high-privileged local attacker to authenticate using those credentials and access sensitive information. Reported by Dell under DSA-2026-247, the flaw is classified under CWE-1392 (Use of Default Credentials) and carries a CVSS 3.1 base score of 6.0, reflecting local-only attack surface constrained by the requirement for high privilege. No public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege-bound symlink abuse in Dell Wyse Management Suite (WMS) versions prior to 2605 allows a low-privileged local user to gain unauthorized access to files or resources they should not reach. The flaw is rooted in improper link resolution before file access (CWE-59), and while no public exploit has been identified at time of analysis, the CVSS 7.8 score reflects full confidentiality, integrity, and availability impact once the local prerequisite is met.
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries and gain unauthorized access to data and management functions. The CVSS 8.1 rating reflects high confidentiality and availability impact via network-reachable management interfaces, though no public exploit was identified at time of analysis.
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. The flaw is tagged with 'Authentication Bypass' implications, suggesting the SQLi could be leveraged to escalate beyond the attacker's initial low-privilege context.
Dell Wyse Management Suite (WMS) versions prior to 2605 ships with default credentials, enabling a high-privileged local attacker to authenticate using those credentials and access sensitive information. Reported by Dell under DSA-2026-247, the flaw is classified under CWE-1392 (Use of Default Credentials) and carries a CVSS 3.1 base score of 6.0, reflecting local-only attack surface constrained by the requirement for high privilege. No public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege-bound symlink abuse in Dell Wyse Management Suite (WMS) versions prior to 2605 allows a low-privileged local user to gain unauthorized access to files or resources they should not reach. The flaw is rooted in improper link resolution before file access (CWE-59), and while no public exploit has been identified at time of analysis, the CVSS 7.8 score reflects full confidentiality, integrity, and availability impact once the local prerequisite is met.