Dell Secure Connect Gateway False Positive article for v5.28 or later
Oversigt: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Sikkerhedsartikeltype
Security KB
CVE-id
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
Oversigt over problemet
See the 'Recommendation' section below for details on each CVE.
Anbefalinger
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
Ansvarsfraskrivelse
Berørte produkter
Secure Connect Gateway, Secure Connect Gateway - Application EditionArtikelegenskaber
Artikelnummer: 000314048
Artikeltype: Security KB
Senest ændret: 10 sep. 2025
Version: 2
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.