DSA-2021-245: Dell EMC Secure Connect Gateway Security Update for Multiple Vulnerabilities
요약: Dell EMC Secure Connect Gateway contains remediation for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVE | Description | CVSSBase Score | CVSS Vector String |
| CVE-2021-36340 | Dell EMC SCG 5.00.00.10 and earlier contains a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs | More information |
| java | CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-2432 CVE-2021-3517 CVE-2021-3522 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35567 CVE-2021-35578 CVE-2021-35588 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35561 CVE-2021-35560 CVE-2021-35603 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| kernel-default-base |
CVE-2020-0429 CVE-2020-36385 CVE-2021-22543 CVE-2021-22555 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576 |
|
| libxerces | CVE-2018-1311 | |
| file file-magic libmagic |
CVE-2019-18218 | |
| libsolv |
CVE-2021-3200 | |
| apache2 |
CVE-2021-30641 CVE-2021-33193 |
|
| libdbus | CVE-2020-12049 CVE-2020-35512 |
|
| openssl | CVE-2021-3711 CVE-2021-3712 |
|
| cpio | CVE-2021-38185 |
|
| libpq5 | CVE-2021-3677 | |
| Jetty | CVE-2021-28168 | |
| Jersey | CVE-2021-34429 |
| Proprietary Code CVE | Description | CVSSBase Score | CVSS Vector String |
| CVE-2021-36340 | Dell EMC SCG 5.00.00.10 and earlier contains a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component |
CVEs | More information |
| java | CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-2432 CVE-2021-3517 CVE-2021-3522 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35567 CVE-2021-35578 CVE-2021-35588 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35561 CVE-2021-35560 CVE-2021-35603 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| kernel-default-base |
CVE-2020-0429 CVE-2020-36385 CVE-2021-22543 CVE-2021-22555 CVE-2021-3609 CVE-2021-3612 CVE-2021-3659 CVE-2021-37576 |
|
| libxerces | CVE-2018-1311 | |
| file file-magic libmagic |
CVE-2019-18218 | |
| libsolv |
CVE-2021-3200 | |
| apache2 |
CVE-2021-30641 CVE-2021-33193 |
|
| libdbus | CVE-2020-12049 CVE-2020-35512 |
|
| openssl | CVE-2021-3711 CVE-2021-3712 |
|
| cpio | CVE-2021-38185 |
|
| libpq5 | CVE-2021-3677 | |
| Jetty | CVE-2021-28168 | |
| Jersey | CVE-2021-34429 |
영향을 받는 제품 및 문제 해결
| Product | Affected Version | Updated Version | Link to Update |
| Dell EMC Secure Connect Gateway - Virtual Edition | 5.00.00.10 | 5.00.05.10 | The Secure Connect Gateway patch is published in Dell SUSE Repo Manager (SUMA) repository and the existing process triggers an Email notification to customers' Secure Connect Gateway primary and secondary contacts. The email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s Gateway to the latest patch. Contact Dell EMC Secure Connect Gateway Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC Secure Connect Gateway Virtual Edition system. |
| Product | Affected Version | Updated Version | Link to Update |
| Dell EMC Secure Connect Gateway - Virtual Edition | 5.00.00.10 | 5.00.05.10 | The Secure Connect Gateway patch is published in Dell SUSE Repo Manager (SUMA) repository and the existing process triggers an Email notification to customers' Secure Connect Gateway primary and secondary contacts. The email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s Gateway to the latest patch. Contact Dell EMC Secure Connect Gateway Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC Secure Connect Gateway Virtual Edition system. |
개정 내역
| Revision | Date | Description |
| 1.0 | 2021-11-17 | Initial Release |
| 2.0 | 2021-11-29 | CVEs updated |
감사의 말
Dell would like to thank Thorsten Tüllmann for reporting CVE-2021-36340.
관련 정보
법적 고지 사항
해당 제품
Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Virtual Edition제품
Product Security Information문서 속성
문서 번호: 000193601
문서 유형: Dell Security Advisory
마지막 수정 시간: 19 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.