PT-2023-15016 · Dell · Wyse Management Suite
Published
2023-02-10
·
Updated
2023-02-21
·
CVE-2022-46755
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Wyse Management Suite versions 3.8 and below
Description
The issue is related to improper access control. An authenticated malicious admin user can edit the general client policy for which the user is not authorized.
Recommendations
For Wyse Management Suite versions 3.8 and below, update to a version above 3.8 to resolve the issue. As a temporary workaround, consider restricting access to the policy editing feature to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wyse Management Suite