CVE-2021-21598

Published: Aug 10, 2021Modified: Nov 21, 2024

3.9

Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.3 / Impact: 3.6

Source: NVD

Description

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

Affected (3)

Products: Dell: Wyse Thinos

Dell

1 product

Wyse Thinos

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Dell Wyse Thinos	Version 9.0
Dell Wyse Thinos	Version 9.1
Dell Wyse Thinos	Version 9.1 mr1

Running on/with	Platform Versions
Dell Wyse 3040 Thin Client	All versions
Dell Wyse 5070 Thin Client	All versions
Dell Wyse 5470 Thin Client	All versions

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.dell.com/support/kbdoc/000189543

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000189543

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.