cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47241,https://securityvulnerability.io/vulnerability/CVE-2024-47241,Unauthorized Access to Transmitted Data via Improper Certificate Validation,"The vulnerability affects the Dell Secure Connect Gateway 5.0 Appliance, specifically in version 5.24, where improper certificate validation may allow low privileged attackers with remote access to execute malicious actions. This could lead to unauthorized access and the potential for modification of data in transit, posing significant risks to the integrity and confidentiality of transmitted information.",Dell,Secure Connect Gateway,8.1,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-18T17:15:00.000Z,0
CVE-2024-48016,https://securityvulnerability.io/vulnerability/CVE-2024-48016,Low Privilege Attacker Could Discover Exposed Credentials and Access the System,"The vulnerability identified in the Dell Secure Connect Gateway 5.0 Appliance - SRS version 5.24 arises from the use of a broken or risky cryptographic algorithm. This flaw enables a low privileged attacker with remote access to potentially exploit the vulnerability, which may lead to unauthorized information disclosure. The exposed credentials could allow the attacker to gain access to the system as the compromised account, thereby raising significant security concerns.",Dell,Secure Connect Gateway,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-18T17:15:00.000Z,0
CVE-2024-47240,https://securityvulnerability.io/vulnerability/CVE-2024-47240,Incorrect Default Permissions Vulnerability in Dell Secure Connect Gateway (SCG) 5.24,Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.,Dell,Secure Connect Gateway (scg) 5.0 Appliance - Srs,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-18T11:09:18.635Z,0
CVE-2024-29169,https://securityvulnerability.io/vulnerability/CVE-2024-29169,Dell SCG Vulnerable to SQL Injection Attacks,"Dell Secure Connect Gateway, prior to version 5.22.00.00, is susceptible to a SQL Injection vulnerability within its internal audit REST API. This flaw allows a remote authenticated attacker to exploit the SCG user interface, enabling them to execute arbitrary SQL commands on the backend database. Successful exploitation could lead to unauthorized access and potential modification of critical application data, posing significant risks to data integrity and confidentiality.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-13T15:13:44.030Z,0
CVE-2024-29168,https://securityvulnerability.io/vulnerability/CVE-2024-29168,Dell SCG Vulnerable to SQL Injection Attacks,"The vulnerability in the Dell Secure Connect Gateway (SCG) allows remote authenticated attackers to exploit a SQL injection flaw in the SCG UI's internal assets REST API. By injecting certain SQL commands, an attacker could manipulate the backend database, potentially leading to unauthorized access and modifications of application data. Users of versions prior to 5.22.00.00 are particularly at risk and are advised to implement security measures promptly.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-13T15:09:31.764Z,0
CVE-2024-28969,https://securityvulnerability.io/vulnerability/CVE-2024-28969,Dell SCG Vulnerability Could Allow Unauthorized Access to Restricted Resources,"Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T15:05:01.940Z,0
CVE-2024-28968,https://securityvulnerability.io/vulnerability/CVE-2024-28968,Dell SCG Vulnerable to Improper Access Control,"Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T15:01:22.196Z,0
CVE-2024-28967,https://securityvulnerability.io/vulnerability/CVE-2024-28967,Dell SCG Vulnerability Could Lead to Unauthorized Access to Restricted Resources,"Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T14:57:23.532Z,0
CVE-2024-28966,https://securityvulnerability.io/vulnerability/CVE-2024-28966,Dell SCG Vulnerable to Improper Access Control,"Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T14:51:28.103Z,0
CVE-2024-28965,https://securityvulnerability.io/vulnerability/CVE-2024-28965,Dell SCG Vulnerable to Improper Access Control,"Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T14:47:29.267Z,0
CVE-2024-37131,https://securityvulnerability.io/vulnerability/CVE-2024-37131,CORP Vulnerability in SCG Policy Manager Allows Remote Execution of Malicious Actions,"The SCG Policy Manager from Dell has a vulnerability due to an overly permissive Cross-Origin Resource Policy (CORP). This flaw permits potential exploitation by remote unauthenticated attackers, who can initiate malicious actions within the context of authenticated users. As a result, the vulnerability poses significant risks to the integrity and security of the application, potentially leading to unauthorized access and actions on behalf of legitimate users. Organizations utilizing SCG Policy Manager should assess their systems and implement necessary security measures to mitigate these risks.",Dell,Secure Connect Gateway (scg) Policy Manager,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-13T14:35:24.334Z,0
CVE-2024-24903,https://securityvulnerability.io/vulnerability/CVE-2024-24903,Weak Password Recovery Mechanism in Dell SCG Policy Manager Could Lead to Unauthorized Access,"The Dell Secure Connect Gateway Policy Manager, starting from version 5.10, exhibits a significant vulnerability due to its weak password recovery mechanism. This flaw allows an adjacent network attacker with low privileges to potentially exploit the system. The attacker may retrieve the password reset token without necessary authorization, subsequently allowing them to change the password and gain unauthorized access to the application with the privileges associated with the compromised account. It is crucial for users to review security practices regarding password recovery mechanisms to mitigate risks associated with unauthorized access.",Dell,Secure Connect Gateway (scg) Policy Manager,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:30:30.579Z,0
CVE-2024-24904,https://securityvulnerability.io/vulnerability/CVE-2024-24904,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","The Dell Secure Connect Gateway (SCG) Policy Manager exhibits a vulnerability that allows for stored cross-site scripting (XSS) attacks. This issue enables high-privileged attackers in adjacent networks to inject malicious HTML or JavaScript into a trusted application data store. When users interact with the affected application, the injected code can execute in their web browsers, potentially leading to serious consequences including information disclosure, session theft, and client-side request forgery. Organizations using the Dell SCG Policy Manager should prioritize applying available updates to mitigate this vulnerability.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:24:01.513Z,0
CVE-2024-24905,https://securityvulnerability.io/vulnerability/CVE-2024-24905,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","Dell Secure Connect Gateway (SCG) Policy Manager contains a Stored Cross-Site Scripting vulnerability that can be exploited by high-privileged attackers on adjacent networks. The vulnerability allows for the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim accesses this data store via their browser, the malicious code executes in the context of the vulnerable application. This exploitation can lead to serious consequences, such as the disclosure of sensitive information, session theft, or client-side request forgery, posing significant risks to users and systems utilizing the affected software.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:19:33.871Z,0
CVE-2024-24907,https://securityvulnerability.io/vulnerability/CVE-2024-24907,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","Dell Secure Connect Gateway (SCG) Policy Manager contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) through the Filters page. A high-privileged attacker on an adjacent network can exploit this flaw to store malicious HTML or JavaScript code within a trusted application data store. When an unsuspecting user accesses this data store via their web browser, the malicious code executes in the context of the web application. This exploitation can lead to significant security concerns, including unauthorized information disclosure, session theft, and the potential for client-side request forgery.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:14:30.093Z,0
CVE-2024-24906,https://securityvulnerability.io/vulnerability/CVE-2024-24906,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","The vulnerability in Dell Secure Connect Gateway (SCG) Policy Manager comprises a Stored Cross-Site Scripting (XSS) flaw located on the Policy page. This security risk allows an adjacent network attacker with high privileges to introduce harmful HTML or JavaScript codes into a trusted data store utilized by the application. When unsuspecting users access this data through their browsers, the injected malicious scripts are executed, potentially leading to a range of security issues including unauthorized information disclosure, session hijacking, or even client-side request forgery. Users must be vigilant as these exploits can compromise the confidentiality and integrity of their interactions within the web application.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:06:31.021Z,0
CVE-2024-24900,https://securityvulnerability.io/vulnerability/CVE-2024-24900,Unauthorized Access to System via Improper Authorization Vulnerability,"The Dell Secure Connect Gateway (SCG) Policy Manager suffers from an improper authorization flaw that could potentially be exploited by low privileged attackers in an adjacent network. This vulnerability allows unauthorized devices to be added to existing policies, which may lead to information disclosure and unauthorized access to sensitive systems. Organizations utilizing affected versions of the Policy Manager should apply necessary patches or updates to mitigate potential security threats and safeguard their network integrity.",Dell,Secure Connect Gateway (scg) Policy Manager,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:00:00.943Z,0
CVE-2024-22457,https://securityvulnerability.io/vulnerability/CVE-2024-22457,Dell Secure Connect Gateway Vulnerability: Remote Attacker Can Impersonate Server,"The Dell Secure Connect Gateway version 5.20 is susceptible to an improper authentication vulnerability in the update mechanism between the SRS and SCG. This flaw could enable a remote low privileged attacker to exploit the gateway by presenting a fraudulent self-signed certificate, thereby impersonating the server and potentially establishing unauthorized communication with the remote server. Organizations using this product should take immediate precautions to mitigate the risks associated with this vulnerability.",Dell,Secure Connect Gateway (scg) 5.0 Appliance - Srs,8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-03-01T11:04:00.267Z,0
CVE-2024-22458,https://securityvulnerability.io/vulnerability/CVE-2024-22458,Inadequate Encryption Strength Vulnerability Affects Dell Secure Connect Gateway,"Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.",Dell,Secure Connect Gateway (scg) 5.0 Appliance - Srs,5.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-03-01T10:57:47.632Z,0
CVE-2023-44294,https://securityvulnerability.io/vulnerability/CVE-2023-44294,Dell Secure Connect Gateway Vulnerability Could Lead to Information Disclosure,"A security concern has been identified in the Dell Secure Connect Gateway Application and Appliance, specifically within versions ranging from v5.10.00.00 to v5.18.00.00. This vulnerability allows a malicious user, who has a valid user session, to inject malicious content into the filters of the Collection Rest API. Consequently, this could lead to inadvertent disclosure of sensitive information from the product's database, raising significant security risks for users relying on these applications.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",6.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-14T08:24:00.579Z,0
CVE-2023-44293,https://securityvulnerability.io/vulnerability/CVE-2023-44293,Dell Secure Connect Gateway Vulnerability Could Lead to Information Disclosure,"A vulnerability exists in the Dell Secure Connect Gateway Application and Appliance, particularly affecting versions between v5.10.00.00 and v5.18.00.00. This security issue allows an authenticated malicious user to inject harmful content into the filters of the IP Range Rest API. As a result, there is a risk of unintentional information disclosure from the product's database, posing potential security and privacy risks to users. It is imperative for organizations using these affected versions to assess their exposure and apply necessary updates to mitigate the risk associated with this vulnerability.",Dell,"Secure Connect Gateway-application,Secure Connect Gateway-appliance",6.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-14T08:05:10.270Z,0
CVE-2023-39252,https://securityvulnerability.io/vulnerability/CVE-2023-39252,Broken Cryptographic Algorithm in Dell SCG Policy Manager,"The Dell SCG Policy Manager version 5.16.00.14 is susceptible to a vulnerability stemming from a broken cryptographic algorithm. This flaw allows remote unauthenticated attackers to conduct Man-in-the-Middle (MitM) attacks, potentially granting them access to sensitive information. It is critical for users to apply necessary security updates and protect their environments against this susceptibility.",Dell,Secure Connect Gateway (scg) Policy Manager,5.9,MEDIUM,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-09-21T06:15:00.000Z,0
CVE-2023-28043,https://securityvulnerability.io/vulnerability/CVE-2023-28043,Information Disclosure Vulnerability in Dell Secure Connect Gateway,"Dell Secure Connect Gateway 5.14 is susceptible to an information disclosure vulnerability that manifests during the upgrade process from SRS to SCG. This vulnerability allows a remote user with limited privileges to potentially exploit the system, leading to the retrieval of sensitive data in plain text. It is essential for users to review the security measures and implement updates to mitigate this risk.",Dell,Secure Connect Gateway,6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-06-01T16:15:00.000Z,0
CVE-2023-23695,https://securityvulnerability.io/vulnerability/CVE-2023-23695,Broken Cryptographic Algorithm in Dell Secure Connect Gateway Affecting Sensitive Data,"Dell Secure Connect Gateway version 5.14.00.12 contains a vulnerability related to a broken cryptographic algorithm. This flaw allows remote unauthenticated attackers to exploit the system through Man-in-the-Middle (MitM) attacks. If successfully executed, attackers may gain access to sensitive information, posing significant risks to data integrity and confidentiality. Users of affected versions are strongly advised to apply security updates to mitigate potential threats.",Dell,Secure Connect Gateway (SCG) 5.0 Appliance - SRS,5.9,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2023-02-17T07:15:00.000Z,0
CVE-2022-34442,https://securityvulnerability.io/vulnerability/CVE-2022-34442,Hard-Coded Cryptographic Key Vulnerability in Dell EMC SCG Policy Manager,"The Dell EMC SCG Policy Manager versions 5.10 to 5.12 are impacted by a hard-coded cryptographic key vulnerability. This security flaw allows an attacker with knowledge of the hard-coded sensitive information to gain unauthorized access to the system. Once exploited, the attacker could potentially log in with LDAP user privileges, posing significant risks to the confidentiality and integrity of the system. It is crucial for users of affected versions to apply available patches and updates to mitigate this risk.",Dell,Secure Connect Gateway (scg) Policy Manager,8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-18T06:54:35.455Z,0