CVE-2024-28965

Name of the Vulnerable Software and Affected Versions Dell SCG versions prior to 5.24.00.00

Description The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API. This could allow a remote low privileged attacker to execute certain Internal APIs applicable only for Admin Users on the application's backend database, potentially granting unauthorized access to restricted resources and allowing changes to the state.

Recommendations For versions prior to 5.24.00.00, update to version 5.24.00.00 or later to resolve the issue. As a temporary workaround, consider disabling the internal enable REST API until a patch is available. Restrict access to the backend database to minimize the risk of exploitation. Avoid using the REST API for administrative tasks until the issue is resolved.