CVE-2022-29097

MEDIUM

Dell Wyse Management Suite < 3.6.1 - Path Traversal in Device API

Title source: llm

Description

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000200215/dsa-2022-143-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 4.9

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22 CWE-23

Status published

Products (1)

dell/wyse_management_suite < 3.6.1

Published Jun 24, 2022

Tracked Since Feb 18, 2026