DSA-2023-403: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerabilities.
Shrnutí: Dell Secure Connect Gateway Application and Appliance, remediation is available for security vulnerabilities that can be exploited by malicious user with a valid session to compromise the affected system. ...
Tento článek se vztahuje na
Tento článek se nevztahuje na
Tento článek není vázán na žádný konkrétní produkt.
V tomto článku nejsou uvedeny všechny verze produktu.
Vliv
Medium
Podrobnosti
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Dotčené produkty a náprava
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
Zástupná řešení a opatření pro zmírnění rizik
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023- 44293 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
| CVE-2023- 44294 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
Historie změn
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-08 | Initial Release |
Související informace
Právní upozornění
Dotčené produkty
Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Application EditionVlastnosti článku
Číslo článku: 000219372
Typ článku: Dell Security Advisory
Poslední úprava: 08 lis 2023
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.