Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2023-403: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerabilities.

Summary: Dell Secure Connect Gateway Application and Appliance, remediation is available for security vulnerabilities that can be exploited by malicious user with a valid session to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Medium

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023- 44293 In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. 
This issue may potentially lead to unintentional information disclosure from the product database.
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023- 44294 In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. 
This issue may potentially lead to unintentional information disclosure from the product database.
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023- 44293 In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. 
This issue may potentially lead to unintentional information disclosure from the product database.
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023- 44294 In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. 
This issue may potentially lead to unintentional information disclosure from the product database.
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Versions Link
Secure Connect Gateway-Application Between v5.10.00.00 and v5.18.00.00 5.20.00  Secure Connect Gateway | Application
 
Secure Connect Gateway-Appliance Between v5.10.00.00 and v5.18.00.00 5.20.00 Secure Connect Gateway | Appliance
Product Affected Versions Remediated Versions Link
Secure Connect Gateway-Application Between v5.10.00.00 and v5.18.00.00 5.20.00  Secure Connect Gateway | Application
 
Secure Connect Gateway-Appliance Between v5.10.00.00 and v5.18.00.00 5.20.00 Secure Connect Gateway | Appliance

Workarounds & Mitigations

CVE ID Workaround and Mitigation
CVE-2023- 44293 Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version.
CVE-2023- 44294 Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version.

Revision History

RevisionDateDescription
1.02023-11-08Initial Release

Related Information

Affected Products

Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Application Edition
Article Properties
Article Number: 000219372
Article Type: Dell Security Advisory
Last Modified: 08 Nov 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.