Details of VAR-202101-0519

ID

VAR-202101-0519

CVE

CVE-2020-29496

TITLE

Dell Wyse Management Suite Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015085

DESCRIPTION

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.8

sources: NVD: CVE-2020-29496 // JVNDB: JVNDB-2020-015085 // VULHUB: VHN-376200 // VULMON: CVE-2020-29496

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.1	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	3.1	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015085 // NVD: CVE-2020-29496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29496
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29496
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-29496
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-032
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-376200
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-29496
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-29496
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-376200
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

security_alert@emc.com:	CVE-2020-29496
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-29496
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-376200 // VULMON: CVE-2020-29496 // JVNDB: JVNDB-2020-015085 // CNNVD: CNNVD-202101-032 // NVD: CVE-2020-29496 // NVD: CVE-2020-29496

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376200 // JVNDB: JVNDB-2020-015085 // NVD: CVE-2020-29496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-032

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202101-032

PATCH

title:	DSA-2020-282	url:	https://www.dell.com/support/kbdoc/ja-jp/000180983/dsa-2020-282	Trust: 0.8
title:	DELL Dell Wyse Management Suite Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138300	Trust: 0.6

sources: JVNDB: JVNDB-2020-015085 // CNNVD: CNNVD-202101-032

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29496	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-015085	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-032	Trust: 0.6
db:	VULHUB	id:	VHN-376200	Trust: 0.1
db:	VULMON	id:	CVE-2020-29496	Trust: 0.1

sources: VULHUB: VHN-376200 // VULMON: CVE-2020-29496 // JVNDB: JVNDB-2020-015085 // CNNVD: CNNVD-202101-032 // NVD: CVE-2020-29496

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29496	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-376200 // VULMON: CVE-2020-29496 // JVNDB: JVNDB-2020-015085 // CNNVD: CNNVD-202101-032 // NVD: CVE-2020-29496

SOURCES

db:	VULHUB	id:	VHN-376200
db:	VULMON	id:	CVE-2020-29496
db:	JVNDB	id:	JVNDB-2020-015085
db:	CNNVD	id:	CNNVD-202101-032
db:	NVD	id:	CVE-2020-29496

LAST UPDATE DATE

2024-11-23T22:11:09.315000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376200	date:	2021-01-06T00:00:00
db:	VULMON	id:	CVE-2020-29496	date:	2021-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-015085	date:	2021-09-10T03:24:00
db:	CNNVD	id:	CNNVD-202101-032	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-29496	date:	2024-11-21T05:24:06.973

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376200	date:	2021-01-04T00:00:00
db:	VULMON	id:	CVE-2020-29496	date:	2021-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-015085	date:	2021-09-10T00:00:00
db:	CNNVD	id:	CNNVD-202101-032	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-29496	date:	2021-01-04T22:15:13.733