CVE-2022-46754 HIGH

CVE-2022-46754

Vendor Dell

Product Wyse Management Suite

Weakness CWE-284

Published February 10, 2023

Last update March 21, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

Key dates

02Disclosure timeline

February 10, 2023 CVE published

March 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46754 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2023-2104 Improper Access Control in alextselegidis/easyappointments CVE-2021-1581 Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. CVE-2023-0451 CVE-2023-33875