Dell Secure Connect Gateway False Positive article for v5.28 or later
Resumen: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Tipo de artículo de seguridad
Security KB
Identificador de CVE
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
Resumen del problema
See the 'Recommendation' section below for details on each CVE.
Recomendaciones
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
Descargo de responsabilidad
Productos afectados
Secure Connect Gateway, Secure Connect Gateway - Application EditionPropiedades del artículo
Número del artículo: 000314048
Tipo de artículo: Security KB
Última modificación: 10 sept 2025
Versión: 2
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.