PT-2024-13187 · Dell · Dell Secure Connect Gateway Appliance
Published
2024-02-14
·
Updated
2024-10-17
·
CVE-2023-44294
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance versions 5.10.00.00 through 5.18.00.00
Description
A security concern has been identified where a malicious user with a valid user session may inject malicious content in filters of the Collection Rest API, potentially leading to unintentional information disclosure from the product database.
Recommendations
For versions 5.10.00.00 through 5.18.00.00, consider restricting access to the Collection Rest API to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using filters in the Collection Rest API.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Secure Connect Gateway Appliance