CVE-2024-28968

Name of the Vulnerable Software and Affected Versions Dell SCG versions prior to 5.24.00.00

Description The issue is related to an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database. This could potentially allow an unauthorized user access to restricted resources and change of state.

Recommendations For versions prior to 5.24.00.00, update to version 5.24.00.00 or later to resolve the issue. As a temporary workaround, consider disabling the REST APIs for internal email and collection settings until a patch is available. Restrict access to the backend database to minimize the risk of exploitation. Avoid using the vulnerable REST APIs until the issue is resolved.