Lucene search

DellCVELIST:CVE-2021-36337

HistoryDec 21, 2021 - 5:05 p.m.

CVE-2021-36337

2021-12-2117:05:27

CWE-326

dell

www.cve.org

dell wyse

management suite

tls 1.0

tls 1.1

man-in-the-middle

confidentiality

integrity

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

47.8%

JSON

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.

CNA Affected

[
  {
    "product": "Wyse Management Suite",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000193079

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

47.8%

JSON

Related for CVELIST:CVE-2021-36337