CVE-2022-33928Plaintext Storage of a Password in Dell Wyse Management Suite

CWE-256Plaintext Storage of a PasswordCWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
8.8HIGHNVD
CNA6.4
EPSS
0.1%
top 68.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Wyse Management Suite
Timeline
PublishedAug 10
Latest updateAug 11

Description

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/wyse_management_suiteunspecified3.7

🔴Vulnerability Details

2
GHSA
GHSA-m23h-q673-4jcq: Dell Wyse Management Suite 32022-08-11
CVEList
CVE-2022-33928: Dell Wyse Management Suite 32022-08-10
CVE-2022-33928 — Plaintext Storage of a Password | cvebase