Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-29498

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Published

2021-01-04T22:15:13.873

Last Modified

2024-11-21T05:24:07.267

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	wyse_management_suite	< 3.1	Yes

References

https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282 Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)