Bugbounty2K20

**Name of the Vulnerable Software and Affected Versions** Dell WMS versions 3.6.1 and below **Description** The issue allows a remote attacker to potentially exploit a Path Traversal vulnerability in the Device API, gaining unauthorized read access to files stored on the server filesystem with the privileges of the running web application. **Recommendations** For Dell WMS versions 3.6.1 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Wyse Management Suite versions 2.0 through 3.5.2 **Description** The issue is related to an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability to execute arbitrary code on the system. **Recommendations** For Dell Wyse Management Suite versions 2.0 through 3.5.2, consider restricting admin privileges and access to file upload functionality until a patch is available. As a temporary workaround, consider disabling file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.