Article Number: 000214200
DSA-2023-193: Dell Secure Connect Gateway Security Policy Manager Update for Multiple Vulnerabilities
Summary: Dell Secure Connect Gateway Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-Party Component | CVEs | More information |
|---|---|---|
| Spring Framework | CVE-2023-20860, CVE-2023-20861, CVE-2023-20862, CVE-2023-20863, CVE-2023-28708 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| JRE 1.8.0 | CVE-2023-21830, CVE-2023-21843 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Json-Smart | CVE-2023-1370 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Affected Products and Remediation
| Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|
| SCG Policy Manager | 5.14.00.14 | 5.16.00.14 | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|
| SCG Policy Manager | 5.14.00.14 | 5.16.00.14 | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
Version 5.16.00.14 also includes the remediation for PRISMA-2023-0067.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-05-31 | Initial Release |
| 2.0 | 2023-06-08 | Updated the Impact |
| 3.0 | 2023-08-31 | Updated for enhanced presentation with no changes to content. |
Related Information
Legal Information
Article Properties
Affected Product
Secure Connect Gateway, Secure Connect Gateway - Virtual Edition
Last Published Date
31 Aug 2023
Version
4
Article Type
Dell Security Advisory