Lucene search

[email protected]NVD:CVE-2021-21586

HistoryJul 15, 2021 - 5:15 p.m.

CVE-2021-21586

2021-07-1517:15:08

CWE-36

CWE-22

[email protected]

web.nvd.nist.gov

wyse management suite

absolute path traversal

vulnerability

remote authenticated user

arbitrary files

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.5%

JSON

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

Affected configurations

Nvd

Node

dellwyse_management_suiteRange≤3.2

VendorProductVersionCPE
dellwyse_management_suite*cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_management_suite	*	cpe:2.3:a:dell:wyse_management_suite::::::::

References

www.dell.com/support/kbdoc/000189363

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.5%

JSON

Related for NVD:CVE-2021-21586

prion1 cvelist1 cve1 cnvd1