CVE-2022-29097 — Relative Path Traversal in Dell Wyse Management Suite

CWE-23 — Relative Path Traversal CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 57.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedJun 24

Latest updateJun 25

Description

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/wyse_management_suiteunspecified — 3.6.1

▶NVDdell/wyse_management_suite3.6.1

🔴Vulnerability Details

GHSA

GHSA-hm7j-m87f-5473: Dell WMS 3↗2022-06-25

▶

CVEList

CVE-2022-29097: Dell WMS 3↗2022-06-24

▶