DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API
Podsumowanie: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Skutki
Medium
Szczegóły
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Produkty, których dotyczy problem, i środki zaradcze
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
Historia zmian
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
Podziękowania
CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.
Powiązane informacje
Zastrzeżenie prawne
Produkty, których dotyczy problem
Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual EditionWłaściwości artykułu
Numer artykułu: 000385239
Typ artykułu: Dell Security Advisory
Ostatnia modyfikacja: 29 paź 2025
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.