SB2023081802 - Multiple vulnerabilities in Dell Wyse Management Suite

Security Bulletin ID SB2023081802

Severity

Low

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-32481)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the application does not properly control consumption of internal resources. A remote user can flood the configured SMTP server with numerous requests in order to deny access to the system.

2) Incorrect authorization (CVE-ID: CVE-2023-32482)

The vulnerability allows a remote privileged user to modify files on the system.

The vulnerability exists due to excessive data output by the application. A remote privileged user can push policies to unauthorized tenant group.

3) Cleartext storage of sensitive information (CVE-ID: CVE-2023-32483)

The vulnerability allows a local privileged user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local privileged user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000215351/dsa-2023-240-dell-wyse-management-suite