Dell Secure Connect Gateway False Positive article for v5.28 or later
摘要: This article provides a list of security vulnerabilities that cannot be exploited on Dell Secure Connect Gateway 5.28.00 or later, but which may be flagged by security scanners.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
安全性文章類型
Security KB
CVE 識別碼
CVE-2025-24813, CVE-2024-39929, CVE-2025-30232, CVE-2024-6387
問題摘要
See the 'Recommendation' section below for details on each CVE.
建議
| Third Party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Apache Tomcat | CVE-2025-24813 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
SCG environment doesn't provide the attacker with necessary prerequisites for exploitation i.e for the successful exploit. | 2025-04-22 |
| Exim | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | The consumed 3rd party component version is above the affected versions. | 2024-12-17 |
| Exim | CVE-2025-30232 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
| Openssh | CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | The consumed 3rd party component version is above the affected versions. | 2025-04-22 |
法律免責聲明
受影響的產品
Secure Connect Gateway, Secure Connect Gateway - Application Edition文章屬性
文章編號: 000314048
文章類型: Security KB
上次修改時間: 10 9月 2025
版本: 2
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。