Article Number: 000219372
DSA-2023-403: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerabilities.
Summary: Dell Secure Connect Gateway Application and Appliance, remediation is available for security vulnerabilities that can be exploited by malicious user with a valid session to compromise the affected system. ...
Article Content
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023- 44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023- 44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. |
5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway | Appliance |
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023- 44293 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
| CVE-2023- 44294 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-08 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Application Edition
Last Published Date
08 Nov 2023
Version
1
Article Type
Dell Security Advisory