Dell Secure Connect Gateway False Positive article for v5.28 or later
Sammendrag: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
Denne artikkelen gjelder for
Denne artikkelen gjelder ikke for
Denne artikkelen er ikke knyttet til noe bestemt produkt.
Det er ikke produktversjonene som identifiseres i denne artikkelen.
Type sikkerhetsartikkel
Security KB
CVE-identifikator
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
Problemsammendrag
See the 'Recommendation' section below for details on each CVE.
Anbefalinger
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
Juridisk ansvarsfraskrivelse
Berørte produkter
Secure Connect Gateway, Secure Connect Gateway - Application EditionArtikkelegenskaper
Artikkelnummer: 000314048
Artikkeltype: Security KB
Sist endret: 10 sep. 2025
Versjon: 2
Få svar på spørsmålene dine fra andre Dell-brukere
Støttetjenester
Sjekk om enheten din er dekket av støttetjenestene.