CVE-2024-49596 MEDIUM

CVE-2024-49596

Vendor Dell

Product Wyse Management Suite

Weakness CWE-862 · Missing authorization

Published November 26, 2024

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

Key dates

02Disclosure timeline

November 26, 2024 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-49596 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2023-52211 WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter CVE-2026-22458 WordPress Wanderland theme <= 1.5 - Broken Access Control vulnerability

Identifiers

CVE CVE-2024-49596

CWE CWE-862

CVSS 5.9 / MEDIUM

Affected versions

Vendor Dell

Product Wyse Management Suite

Affected ≥ N/A and ≤ 4.4

Vendor Dell

Product Wyse Management Suite Repository

Affected ≥ N/A and ≤ 4.4