Lucene search

DellCVELIST:CVE-2021-36336

HistoryDec 21, 2021 - 5:05 p.m.

CVE-2021-36336

2021-12-2117:05:26

CWE-502

dell

www.cve.org

cve-2021-36336

deserialization vulnerability

unauthenticated attacker

execute code

affected system

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.

CNA Affected

[
  {
    "product": "Wyse Management Suite",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000193079

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Related for CVELIST:CVE-2021-36336