DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

詳細文章

影響

詳細資料

受影響的產品與補救措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

提供意見反應

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...

本文章適用於本文章不適用於本文無關於任何特定產品。本文未識別所有產品版本。

查看其他資源

影響

Medium

詳細資料

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46363	Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46363	Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數，也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product	Affected Versions	Remediated Versions	Link
Secure Connect Gateway-Application	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
Secure Connect Gateway-Appliance	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

Product	Affected Versions	Remediated Versions	Link
Secure Connect Gateway-Application	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
Secure Connect Gateway-Appliance	Versions 5.26.00 through 5.30.00	Version 5.32.00 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

修訂歷史記錄

Revision	Date	Description
1.0	2025-10-29	Initial Release

感謝

CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.

法律免責聲明

受影響的產品

Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual Edition

文章編號: 000385239

文章類型: Dell Security Advisory

上次修改時間: 29 10月 2025

檢查您的裝置是否在支援服務的涵蓋範圍內。

DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...

影響

詳細資料

受影響的產品與補救措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ... 檢視更多內容 檢視較少內容

詳細文章

影響

詳細資料

受影響的產品與補救措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

影響

詳細資料

受影響的產品與補救措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

摘要: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...