Article Number: 000219309

DSA-2023-413: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Secure Connect Gateway remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-Party Component	CVEs	More information
Apache Tomcat	CVE-2021-42340, CVE-2022-29885, CVE-2023-41080, CVE-2023-31122	See SUSE link below for each CVE https://www.suse.com
Batik-xml	CVE-2022-44729	See NVD link below for individual scores for each CVE https://nvd.nist.gov
Bind	CVE-2023-3341	See SUSE link below for each CVE https://www.suse.com
Curl	CVE-2023-38545, CVE-2023-38546, CVE-2023-38039	See SUSE link below for each CVE https://www.suse.com
Gpg2	CVE-2018-9234	See SUSE link below for each CVE https://www.suse.com
Kernel	CVE-2022-36402	See SUSE link below for each CVE https://www.suse.com
Libnghttp2	CVE-2023-35945	See SUSE link below for each CVE https://www.suse.com
Mdadm	CVE-2023-28736	See SUSE link below for each CVE https://www.suse.com
PostgreSQL JDBC driver	CVE-2022-41946	See NVD link below for individual scores for each CVE https://nvd.nist.gov
Python	CVE-2023-40217	See SUSE link below for each CVE https://www.suse.com
Vim	CVE-2023-4733	See SUSE link below for each CVE https://www.suse.com
Vmtools	CVE-2023-20900	See SUSE link below for each CVE https://www.suse.com

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2018-9234, CVE-2022-36402, CVE-2022-41946, CVE-2021-42340, CVE-2022-29885, CVE-2022-44729, CVE-2023-41080, CVE-2023-3341, CVE-2023-38545, CVE-2023-38546, CVE-2023-38039, CVE-2023-35945, CVE-2023-28736, CVE-2023-40217, CVE-2023-4733, CVE-2023-20900, CVE-2023-31122	Dell Secure Connect Gateway	Version 5.18.00.20	Version 5.20.00.10	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2018-9234, CVE-2022-36402, CVE-2022-41946, CVE-2021-42340, CVE-2022-29885, CVE-2022-44729, CVE-2023-41080, CVE-2023-3341, CVE-2023-38545, CVE-2023-38546, CVE-2023-38039, CVE-2023-35945, CVE-2023-28736, CVE-2023-40217, CVE-2023-4733, CVE-2023-20900, CVE-2023-31122	Dell Secure Connect Gateway	Version 5.18.00.20	Version 5.20.00.10	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

Workarounds and Mitigations

None

Revision History

Revision	Date	Description
1.0	2023-11-08	Initial Release
2.0	2023-11-08	Added CVE-2023-31122 to Third Party Component Table under Apache Tomcat, Added to Affected Products and Remediation Table

DSA-2023-413: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Secure Connect Gateway remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Workarounds and Mitigations

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2023-413: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Secure Connect Gateway remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Workarounds and Mitigations

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type