8.7
CVE-2022-46754
- EPSS 0.19%
- Veröffentlicht 11.02.2023 01:23:25
- Zuletzt bearbeitet 21.11.2024 07:31:00
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
LoginWyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Wyse Management Suite Version <= 3.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
| security_alert@emc.com | 8.7 | 2.3 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.