DSA-2023-321: Security Update for Dell Secure Connect Gateway Security Policy Manager Vulnerabilities
Podsumowanie: Dell Secure Connect Gateway Policy Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Skutki
High
Szczegóły
| Third-party Component | CVEs | More Information |
|---|---|---|
| Spring Boot | CVE-2023-20883 | See NVD for individual scores for each CVE http://nvd.nist.gov/  |
| Apache Tomcat | CVE-2023-34981 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Google Guava | CVE-2023-2976 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Bouncy Castle | CVE-2023-33201 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Azul Systems JRE 1.8 | CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968 |
See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| VMWare Tools | CVE-2023-20867 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Produkty, których dotyczy problem, i środki zaradcze
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
Historia zmian
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-09-20 | Initial Release |
| 2.0 | 2023-09-21 | Updating for enhanced presentation with no changes to content |
| 3.0 | 2023-10-04 | Updated hyperlinks in Affected Products and Remediation section. |
Powiązane informacje
Zastrzeżenie prawne
Produkty, których dotyczy problem
Secure Connect Gateway, Secure Connect GatewayWłaściwości artykułu
Numer artykułu: 000217683
Typ artykułu: Dell Security Advisory
Ostatnia modyfikacja: 04 paź 2023
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.