Cleartext Storage of Sensitive Information in GUI

CVE-2022-29090

High

8.5/10

Summary

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-317 - Cleartext Storage of Sensitive Information in GUI

The application stores sensitive information in cleartext within the GUI.

References

Advisory Timeline

Published Aug 10, 2022

Cleartext Storage of Sensitive Information in GUI

CVE-2022-29090

Summary

CWE-317 - Cleartext Storage of Sensitive Information in GUI

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS