DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API
요약: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Medium
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
영향을 받는 제품 및 문제 해결
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
개정 내역
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
감사의 말
CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.
관련 정보
법적 고지 사항
해당 제품
Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual Edition문서 속성
문서 번호: 000385239
문서 유형: Dell Security Advisory
마지막 수정 시간: 29 10월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.