NotCVE - vendor:"Dell" product:"Secure Connect Gateway-Application" version:" >= 5.18.00.20 <= 5.22.00.18"

7 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-29169

https://notcve.org/view.php?id=CVE-2024-29169

13 Jun 2024 — Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell SCG, versiones anteriores a 5.22.00.00, contienen una vulnerabilidad de inyección SQL en la interfaz de usuario de SCG para una API REST de au... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-29168

https://notcve.org/view.php?id=CVE-2024-29168

13 Jun 2024 — Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell SCG, versiones anteriores a 5.22.00.00, contienen una vulnerabilidad de inyección SQL en la interfaz de usuario de SCG para una API REST de a... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-28969

https://notcve.org/view.php?id=CVE-2024-28969

13 Jun 2024 — Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. Dell SCG, versiones anteriores a 5.24.00.00, contienen una vulne... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-28968

https://notcve.org/view.php?id=CVE-2024-28968

13 Jun 2024 — Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell SCG, versiones ant... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-28967

https://notcve.org/view.php?id=CVE-2024-28967

13 Jun 2024 — Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell SCG, versiones anteriores a 5.24.0... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-28966

https://notcve.org/view.php?id=CVE-2024-28966

13 Jun 2024 — Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell SCG, versiones anteriores a 5.24.00.00,... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-28965

https://notcve.org/view.php?id=CVE-2024-28965

13 Jun 2024 — Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell SCG, versiones anteriores a 5.... • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-284: Improper Access Control •