ID

VAR-202003-0583


CVE

CVE-2019-3769


TITLE

Dell Wyse Management Suite Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014964

DESCRIPTION

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store a malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code is executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-3769 // JVNDB: JVNDB-2019-014964 // VULHUB: VHN-155204

AFFECTED PRODUCTS

vendor: dell, model: wyse management suite, scope: lt, version: 1.4.1

Trust: 1.0

vendor: dell, model: wyse management suite, scope: eq, version: 1.4.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-014964 // NVD: CVE-2019-3769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3769
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3769
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014964
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-875
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155204
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3769
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014964
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-155204
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3769
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3769
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014964
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155204 // JVNDB: JVNDB-2019-014964 // CNNVD: CNNVD-202003-875 // NVD: CVE-2019-3769 // NVD: CVE-2019-3769

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-155204 // JVNDB: JVNDB-2019-014964 // NVD: CVE-2019-3769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-875

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-875

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014964

PATCH

title: DSA-2019-161, url: https://www.dell.com/support/article/SLN319512

Trust: 0.8

title: Dell Wyse Management Suite Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112349

Trust: 0.6

sources: JVNDB: JVNDB-2019-014964 // CNNVD: CNNVD-202003-875

EXTERNAL IDS

db: NVD, id: CVE-2019-3769

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014964

Trust: 0.8

db: CNNVD, id: CNNVD-202003-875

Trust: 0.7

db: CNVD, id: CNVD-2020-17378

Trust: 0.1

db: VULHUB, id: VHN-155204

Trust: 0.1

sources: VULHUB: VHN-155204 // JVNDB: JVNDB-2019-014964 // CNNVD: CNNVD-202003-875 // NVD: CVE-2019-3769

REFERENCES

url: https://www.dell.com/support/article/sln319512

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3769

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3769

Trust: 0.8

sources: VULHUB: VHN-155204 // JVNDB: JVNDB-2019-014964 // CNNVD: CNNVD-202003-875 // NVD: CVE-2019-3769

SOURCES

db: VULHUB, id: VHN-155204
db: JVNDB, id: JVNDB-2019-014964
db: CNNVD, id: CNNVD-202003-875
db: NVD, id: CVE-2019-3769

LAST UPDATE DATE

2024-11-23T22:16:37.154000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155204, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014964, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-875, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2019-3769, date: 2024-11-21T04:42:29.760

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155204, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014964, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-875, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-3769, date: 2020-03-13T21:15:11.830