Dell Wyse MS 3.6.1 & Below: Sensitive Data Exposure CVE-2022-29090
CVE-2022-29090 Published on August 10, 2022
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.
Vulnerability Analysis
CVE-2022-29090 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Cleartext Storage of Sensitive Information in GUI
The application stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Products Associated with CVE-2022-29090
Want to know whenever a new CVE is published for Dell Wyse Management Suite? stack.watch will email you.
Affected Versions
Dell Wyse Management Suite:- Version unspecified and below 3.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.