Medium
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023- 44293 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
| CVE-2023- 44294 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-08 | Initial Release |