CVE-2023-32482

CWE-285 CWE-863 — Incorrect Authorization3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 76.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Management Suite

Timeline

PublishedJul 20

Description

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDdell/wyse_management_suite< 4.0

▶CVEListV5dell/wyse_management_suite4.0 and below

🔴Vulnerability Details

CVEList

CVE-2023-32482: Wyse Management Suite versions prior to 4↗2023-07-20

▶

GHSA

GHSA-pwwr-37c5-wrqp: Wyse Management Suite versions prior to 4↗2023-07-20

▶