CVE-2021-21598 — Log File Information Exposure in Dell Wyse Thinos

CWE-532 — Log File Information Exposure2 documents2 sources

Severity

3.9LOWNVD

EPSS

0.1%

top 83.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Thinos

Timeline

PublishedAug 10

Latest updateMay 24

Description

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.3 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/wyse_thinos9.0, 9.1, 9.1 MR1

▶NVDdell/wyse_thinos9.0, 9.1+1

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-c49h-jv3f-mrwc: Dell Wyse ThinOS, versions 9↗2022-05-24

▶