Dell Secure Connect Gateway False Positive article for v5.28 or later
Riepilogo: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Tipo di articolo sulla sicurezza
Security KB
ID CVE
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
Riepilogo del problema
See the 'Recommendation' section below for details on each CVE.
Raccomandazioni
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
Dichiarazione di non responsabilità
Prodotti interessati
Secure Connect Gateway, Secure Connect Gateway - Application EditionProprietà dell'articolo
Numero articolo: 000314048
Tipo di articolo: Security KB
Ultima modifica: 10 set 2025
Versione: 2
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.