cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37131,https://securityvulnerability.io/vulnerability/CVE-2024-37131,CORP Vulnerability in SCG Policy Manager Allows Remote Execution of Malicious Actions,"The SCG Policy Manager from Dell has a vulnerability due to an overly permissive Cross-Origin Resource Policy (CORP). This flaw permits potential exploitation by remote unauthenticated attackers, who can initiate malicious actions within the context of authenticated users. As a result, the vulnerability poses significant risks to the integrity and security of the application, potentially leading to unauthorized access and actions on behalf of legitimate users. Organizations utilizing SCG Policy Manager should assess their systems and implement necessary security measures to mitigate these risks.",Dell,Secure Connect Gateway (scg) Policy Manager,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-13T14:35:24.334Z,0
CVE-2024-24903,https://securityvulnerability.io/vulnerability/CVE-2024-24903,Weak Password Recovery Mechanism in Dell SCG Policy Manager Could Lead to Unauthorized Access,"The Dell Secure Connect Gateway Policy Manager, starting from version 5.10, exhibits a significant vulnerability due to its weak password recovery mechanism. This flaw allows an adjacent network attacker with low privileges to potentially exploit the system. The attacker may retrieve the password reset token without necessary authorization, subsequently allowing them to change the password and gain unauthorized access to the application with the privileges associated with the compromised account. It is crucial for users to review security practices regarding password recovery mechanisms to mitigate risks associated with unauthorized access.",Dell,Secure Connect Gateway (scg) Policy Manager,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:30:30.579Z,0
CVE-2024-24904,https://securityvulnerability.io/vulnerability/CVE-2024-24904,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","The Dell Secure Connect Gateway (SCG) Policy Manager exhibits a vulnerability that allows for stored cross-site scripting (XSS) attacks. This issue enables high-privileged attackers in adjacent networks to inject malicious HTML or JavaScript into a trusted application data store. When users interact with the affected application, the injected code can execute in their web browsers, potentially leading to serious consequences including information disclosure, session theft, and client-side request forgery. Organizations using the Dell SCG Policy Manager should prioritize applying available updates to mitigate this vulnerability.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:24:01.513Z,0
CVE-2024-24905,https://securityvulnerability.io/vulnerability/CVE-2024-24905,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","Dell Secure Connect Gateway (SCG) Policy Manager contains a Stored Cross-Site Scripting vulnerability that can be exploited by high-privileged attackers on adjacent networks. The vulnerability allows for the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim accesses this data store via their browser, the malicious code executes in the context of the vulnerable application. This exploitation can lead to serious consequences, such as the disclosure of sensitive information, session theft, or client-side request forgery, posing significant risks to users and systems utilizing the affected software.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:19:33.871Z,0
CVE-2024-24907,https://securityvulnerability.io/vulnerability/CVE-2024-24907,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","Dell Secure Connect Gateway (SCG) Policy Manager contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) through the Filters page. A high-privileged attacker on an adjacent network can exploit this flaw to store malicious HTML or JavaScript code within a trusted application data store. When an unsuspecting user accesses this data store via their web browser, the malicious code executes in the context of the web application. This exploitation can lead to significant security concerns, including unauthorized information disclosure, session theft, and the potential for client-side request forgery.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:14:30.093Z,0
CVE-2024-24906,https://securityvulnerability.io/vulnerability/CVE-2024-24906,"Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery","The vulnerability in Dell Secure Connect Gateway (SCG) Policy Manager comprises a Stored Cross-Site Scripting (XSS) flaw located on the Policy page. This security risk allows an adjacent network attacker with high privileges to introduce harmful HTML or JavaScript codes into a trusted data store utilized by the application. When unsuspecting users access this data through their browsers, the injected malicious scripts are executed, potentially leading to a range of security issues including unauthorized information disclosure, session hijacking, or even client-side request forgery. Users must be vigilant as these exploits can compromise the confidentiality and integrity of their interactions within the web application.",Dell,Secure Connect Gateway (scg) Policy Manager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:06:31.021Z,0
CVE-2024-24900,https://securityvulnerability.io/vulnerability/CVE-2024-24900,Unauthorized Access to System via Improper Authorization Vulnerability,"The Dell Secure Connect Gateway (SCG) Policy Manager suffers from an improper authorization flaw that could potentially be exploited by low privileged attackers in an adjacent network. This vulnerability allows unauthorized devices to be added to existing policies, which may lead to information disclosure and unauthorized access to sensitive systems. Organizations utilizing affected versions of the Policy Manager should apply necessary patches or updates to mitigate potential security threats and safeguard their network integrity.",Dell,Secure Connect Gateway (scg) Policy Manager,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T13:00:00.943Z,0
CVE-2023-39252,https://securityvulnerability.io/vulnerability/CVE-2023-39252,Broken Cryptographic Algorithm in Dell SCG Policy Manager,"The Dell SCG Policy Manager version 5.16.00.14 is susceptible to a vulnerability stemming from a broken cryptographic algorithm. This flaw allows remote unauthenticated attackers to conduct Man-in-the-Middle (MitM) attacks, potentially granting them access to sensitive information. It is critical for users to apply necessary security updates and protect their environments against this susceptibility.",Dell,Secure Connect Gateway (scg) Policy Manager,5.9,MEDIUM,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-09-21T06:15:00.000Z,0
CVE-2022-34442,https://securityvulnerability.io/vulnerability/CVE-2022-34442,Hard-Coded Cryptographic Key Vulnerability in Dell EMC SCG Policy Manager,"The Dell EMC SCG Policy Manager versions 5.10 to 5.12 are impacted by a hard-coded cryptographic key vulnerability. This security flaw allows an attacker with knowledge of the hard-coded sensitive information to gain unauthorized access to the system. Once exploited, the attacker could potentially log in with LDAP user privileges, posing significant risks to the confidentiality and integrity of the system. It is crucial for users of affected versions to apply available patches and updates to mitigate this risk.",Dell,Secure Connect Gateway (scg) Policy Manager,8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-18T06:54:35.455Z,0
CVE-2022-34462,https://securityvulnerability.io/vulnerability/CVE-2022-34462,Hard-coded Password Vulnerability in Dell EMC SCG Policy Manager,"Dell EMC SCG Policy Manager versions 5.10 to 5.12 are susceptible to a vulnerability that involves hard-coded passwords. This security flaw could allow an attacker, who knows the hard-coded credentials, to gain unauthorized access and administrative privileges to the system. It is essential for users of affected versions to address this vulnerability promptly to safeguard their systems and data.",Dell,Secure Connect Gateway (scg) Policy Manager,8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-18T06:51:37.641Z,0
CVE-2022-34441,https://securityvulnerability.io/vulnerability/CVE-2022-34441,Hard-coded Cryptographic Key Vulnerability in Dell EMC SCG Policy Manager,"Dell EMC SCG Policy Manager, versions 5.10 to 5.12, is vulnerable due to the presence of a hard-coded cryptographic key. An attacker with access to this hard-coded sensitive information may potentially exploit the vulnerability to gain unauthorized access and achieve administrative privileges within the system.",Dell,Secure Connect Gateway (scg) Policy Manager,8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-11T09:03:34.166Z,0
CVE-2022-34440,https://securityvulnerability.io/vulnerability/CVE-2022-34440,Hard-coded Cryptographic Key Vulnerability in Dell EMC SCG Policy Manager,"The Dell EMC SCG Policy Manager, specifically versions ranging from 5.10 to 5.12, is susceptible to a vulnerability involving a hard-coded cryptographic key. This flaw allows an attacker who is aware of the hard-coded sensitive information to potentially gain unauthorized access to the system, thereby acquiring admin privileges. Proper mitigation and security practices are advised to safeguard against this risk.",Dell,Secure Connect Gateway (scg) Policy Manager,8.4,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-01-11T08:23:05.229Z,0