ID

VAR-202003-0584


CVE

CVE-2019-3770


TITLE

Dell Wyse Management Suite Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014965

DESCRIPTION

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-3770 // JVNDB: JVNDB-2019-014965 // VULHUB: VHN-155205

AFFECTED PRODUCTS

vendor: dell, model: wyse management suite, scope: lt, version: 1.4.1

Trust: 1.0

vendor: dell, model: wyse management suite, scope: eq, version: 1.4.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-014965 // NVD: CVE-2019-3770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3770
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3770
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014965
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-876
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155205
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3770
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014965
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-155205
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3770
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3770
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014965
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155205 // JVNDB: JVNDB-2019-014965 // CNNVD: CNNVD-202003-876 // NVD: CVE-2019-3770 // NVD: CVE-2019-3770

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-155205 // JVNDB: JVNDB-2019-014965 // NVD: CVE-2019-3770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-876

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014965

PATCH

title: DSA-2019-161, url: https://www.dell.com/support/article/SLN319512

Trust: 0.8

title: Dell Wyse Management Suite Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112350

Trust: 0.6

sources: JVNDB: JVNDB-2019-014965 // CNNVD: CNNVD-202003-876

EXTERNAL IDS

db: NVD, id: CVE-2019-3770

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014965

Trust: 0.8

db: CNNVD, id: CNNVD-202003-876

Trust: 0.7

db: CNVD, id: CNVD-2020-17374

Trust: 0.1

db: VULHUB, id: VHN-155205

Trust: 0.1

sources: VULHUB: VHN-155205 // JVNDB: JVNDB-2019-014965 // CNNVD: CNNVD-202003-876 // NVD: CVE-2019-3770

REFERENCES

url:https://www.dell.com/support/article/sln319512

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3770

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3770

Trust: 0.8

sources: VULHUB: VHN-155205 // JVNDB: JVNDB-2019-014965 // CNNVD: CNNVD-202003-876 // NVD: CVE-2019-3770

SOURCES

db: VULHUB, id: VHN-155205
db: JVNDB, id: JVNDB-2019-014965
db: CNNVD, id: CNNVD-202003-876
db: NVD, id: CVE-2019-3770

LAST UPDATE DATE

2024-11-23T23:04:27.610000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155205, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014965, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-876, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2019-3770, date: 2024-11-21T04:42:29.870

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155205, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014965, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-876, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-3770, date: 2020-03-13T21:15:11.940