Details of VAR-202101-0520

ID

VAR-202101-0520

CVE

CVE-2020-29497

TITLE

Dell Wyse Management Suite Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015084

DESCRIPTION

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.8

sources: NVD: CVE-2020-29497 // JVNDB: JVNDB-2020-015084 // VULHUB: VHN-376201 // VULMON: CVE-2020-29497

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.1	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	3.1	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015084 // NVD: CVE-2020-29497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29497
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-29497
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-29497
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-035
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-376201
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-29497
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-29497
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-376201
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

security_alert@emc.com:	CVE-2020-29497
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-29497
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-376201 // VULMON: CVE-2020-29497 // JVNDB: JVNDB-2020-015084 // CNNVD: CNNVD-202101-035 // NVD: CVE-2020-29497 // NVD: CVE-2020-29497

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376201 // JVNDB: JVNDB-2020-015084 // NVD: CVE-2020-29497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-035

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202101-035

PATCH

title:	DSA-2020-282	url:	https://www.dell.com/support/kbdoc/ja-jp/000180983/dsa-2020-282	Trust: 0.8
title:	DELL Dell Wyse Management Suite Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138301	Trust: 0.6

sources: JVNDB: JVNDB-2020-015084 // CNNVD: CNNVD-202101-035

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29497	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-015084	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-035	Trust: 0.6
db:	VULHUB	id:	VHN-376201	Trust: 0.1
db:	VULMON	id:	CVE-2020-29497	Trust: 0.1

sources: VULHUB: VHN-376201 // VULMON: CVE-2020-29497 // JVNDB: JVNDB-2020-015084 // CNNVD: CNNVD-202101-035 // NVD: CVE-2020-29497

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29497	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-376201 // VULMON: CVE-2020-29497 // JVNDB: JVNDB-2020-015084 // CNNVD: CNNVD-202101-035 // NVD: CVE-2020-29497

SOURCES

db:	VULHUB	id:	VHN-376201
db:	VULMON	id:	CVE-2020-29497
db:	JVNDB	id:	JVNDB-2020-015084
db:	CNNVD	id:	CNNVD-202101-035
db:	NVD	id:	CVE-2020-29497

LAST UPDATE DATE

2024-11-23T22:44:18.191000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376201	date:	2021-01-06T00:00:00
db:	VULMON	id:	CVE-2020-29497	date:	2021-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-015084	date:	2021-09-10T02:27:00
db:	CNNVD	id:	CNNVD-202101-035	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-29497	date:	2024-11-21T05:24:07.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376201	date:	2021-01-04T00:00:00
db:	VULMON	id:	CVE-2020-29497	date:	2021-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-015084	date:	2021-09-10T00:00:00
db:	CNNVD	id:	CNNVD-202101-035	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-29497	date:	2021-01-04T22:15:13.797