Dell Secure Connect Gateway False Positive article for v5.28 or later
Resumo: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Tipo de artigo de segurança
Security KB
Identificador do CVE
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
Resumo do problema
See the 'Recommendation' section below for details on each CVE.
Recomendações
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
Aviso de isenção legal
Produtos afetados
Secure Connect Gateway, Secure Connect Gateway - Application EditionPropriedades do artigo
Número do artigo: 000314048
Tipo de artigo: Security KB
Último modificado: 10 set. 2025
Versão: 2
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.