DSA-2023-403: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerabilities.
Summary: Remediation is available for Dell Secure Connect Gateway Application and Appliance security vulnerabilities that can be exploited by a malicious user with a valid session to compromise the affected system. ...
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44293 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2023-44294 | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Secure Connect Gateway-Application | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway \| Application |
| Secure Connect Gateway-Appliance | Between v5.10.00.00 and v5.18.00.00 | 5.20.00 | Secure Connect Gateway \| Appliance |
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-44293 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
| CVE-2023-44294 | Users need to keep the Secure Connect Gateway-Application and Secure Connect Gateway-Appliance updated to the latest version. |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-08 | Initial Release |
Affected Products
Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Application Edition
Article Properties
Article Number: 000219372
Article Type: Dell Security Advisory
Last Modified: 08 Nov 2023