History: Jun 13, 2024 - 3:13 p.m.

CVE-2024-29169

2024-06-13 15:13:44
CWE-89
dell
www.cve.org
dell scg
sql injection
internal audit
remote attacker
unauthorized access
application data

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.0004 Low
Percentile: 9.1%

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database causing potential unauthorized access and modification of application data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Connect Gateway-Application",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "5.22.00.18",
        "status": "affected",
        "version": "5.18.00.20",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Secure Connect Gateway-Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "5.22.00.18",
        "status": "affected",
        "version": "5.18.00.20",
        "versionType": "semver"
      }
    ]
  }
]
