CVE-2024-28969

Name of the Vulnerable Software and Affected Versions Dell SCG versions prior to 5.24.00.00

Description The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A remote low-privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database. This could potentially allow an unauthorized user access to restricted resources.

Recommendations For versions prior to 5.24.00.00, update to version 5.24.00.00 or later to resolve the issue. As a temporary workaround, consider disabling the internal update REST API until a patch is available. Restrict access to the SCG to minimize the risk of exploitation. Avoid using the REST API for internal updates until the issue is resolved.