CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44293
https://notcve.org/view.php?id=CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. En la aplicación Dell Secure Connect Gateway y el dispositivo Secure Connect Gateway (entre v5.10.00.00 y v5.18.00.00), se identificó un problema de seguridad en el que un usuario malintencionado con una sesión de usuario válida puede inyectar contenido malicioso en filtros API de resto de rango de IP. Este problema puede provocar potencialmente la divulgación involuntaria de información de la base de datos del producto. • https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39252
https://notcve.org/view.php?id=CVE-2023-39252
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. Dell SCG Policy Manager 5.16.00.14 contiene una vulnerabilidad de algoritmo criptográfico roto. Un atacante remoto no autenticado podría explotar esta vulnerabilidad realizando ataques MitM y permitiendo que los atacantes obtengan información sensible. • https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28043
https://notcve.org/view.php?id=CVE-2023-28043
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. • https://www.dell.com/support/kbdoc/en-us/000214205/dsa-2023-164-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23695
https://notcve.org/view.php?id=CVE-2023-23695
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. • https://www.dell.com/support/kbdoc/en-us/000208462/dsa-2023-020-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34442
https://notcve.org/view.php?id=CVE-2022-34442
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. Dell EMC SCG Policy Manager, en sus versiones de la 5.10 a la 5.12, contiene una vulnerabilidad de clave criptográfica codificada. Un atacante con conocimiento de la información confidencial codificada podría explotar esta vulnerabilidad para iniciar sesión en el sistema y obtener privilegios de usuario LDAP. • https://www.dell.com/support/kbdoc/en-us/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •