Saltedfish

**Name of the Vulnerable Software and Affected Versions** Dell Secure Connect Gateway (SCG) Application and Appliance versions prior to 5.28 **Description** The issue is due to improper neutralization of special elements used in an SQL command, leading to a SQL injection vulnerability. This can be exploited locally on the affected system by a high-privilege attacker, potentially resulting in the disclosure of non-sensitive information that does not include any customer data. **Recommendations** For versions prior to 5.28, update to version 5.28 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell SCG versions prior to 5.22.00.00 **Description** The issue concerns a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this, leading to the execution of certain SQL commands on the application's backend database, causing potential unauthorized access and modification of application data. **Recommendations** For versions prior to 5.22.00.00, update to version 5.22.00.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal assets REST API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell SCG versions prior to 5.22.00.00 **Description** The issue concerns a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing potential unauthorized access and modification of application data. **Recommendations** For versions prior to 5.22.00.00, update to version 5.22.00.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCG UI for the internal audit REST API until a patch is applied. Additionally, restrict the execution of SQL commands on the application's backend database to minimize the risk of exploitation.