PT-2024-22776 · Dell · Dell Scg

Saltedfish · Published 2024-06-13 · Updated 2025-09-30 · CVE-2024-29169

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Dell SCG versions prior to 5.22.00.00

Description

The issue concerns a SQL injection vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing potential unauthorized access and modification of application data.

Recommendations

For versions prior to 5.22.00.00, update to version 5.22.00.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCG UI for the internal audit REST API until a patch is applied. Additionally, restrict the execution of SQL commands on the application's backend database to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-29169

Affected Products

Dell Scg