CVE-2024-24906
https://notcve.org/view.php?id=CVE-2024-24906
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a stored cross-site scripting vulnerability in the Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
• https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24900
https://notcve.org/view.php?id=CVE-2024-24900
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices being added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.
• https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities
• CWE-285: Improper Authorization
CVE-2023-39252
https://notcve.org/view.php?id=CVE-2023-39252
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks, allowing the attacker to obtain sensitive information.
• https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34442
https://notcve.org/view.php?id=CVE-2022-34442
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a hard-coded cryptographic key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain LDAP user privileges.
• https://www.dell.com/support/kbdoc/en-us/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities
• CWE-321: Use of Hard-coded Cryptographic Key
• CWE-798: Use of Hard-coded Credentials
CVE-2022-34462
https://notcve.org/view.php?id=CVE-2022-34462
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a hard-coded password vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system and gain admin privileges.
• https://www.dell.com/support/kbdoc/en-us/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities
• CWE-321: Use of Hard-coded Cryptographic Key
• CWE-798: Use of Hard-coded Credentials