DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

确认

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

Medium

详情

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46363	Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46363	Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product	Affected Versions	Remediated Versions	Link
Secure Connect Gateway-Application	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
Secure Connect Gateway-Appliance	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

Product	Affected Versions	Remediated Versions	Link
Secure Connect Gateway-Application	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
Secure Connect Gateway-Appliance	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

修订历史记录

Revision	Date	Description
1.0	2025-10-29	Initial Release

确认

CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.

法律免责声明

受影响的产品

Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual Edition

文章编号: 000385239

文章类型: Dell Security Advisory

上次修改时间: 29 10月 2025

DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...

影响

详情

受影响的产品和补救措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ... 扩大查看范围 缩小查看范围

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...