23 matches found
CVE-2024-22458
Dell Secure Connect Gateway (version 5.18) is affected by an Inadequate Encryption Strength vulnerability. An unauthenticated network attacker could potentially recover plaintext from a block of ciphertext due to weak cryptographic strength. The CTI sources consistently identify the affected prod...
CVE-2024-22457
CVE-2024-22457 affects Dell Secure Connect Gateway 5.20. The vulnerability arises in the SRS to SCG update path due to improper authentication, allowing a remote low-privileged attacker to impersonate the server by presenting a fake self-signed certificate when communicating with the remote serve...
CVE-2024-28965
CVE-2024-28965 affects Dell SCG prior to 5.24.00.00. The issue is an Improper Access Control in an internal enable REST API exposed by the SCG (if enabled via the UI by an Admin). A remote, low-privileged attacker could trigger internal APIs intended for Admin Users on the backend database, poten...
CVE-2024-28966
CVE-2024-28966 affects Dell SCG with versions prior to 5.24.00.00, due to an Improper Access Control vulnerability in an internal update REST API that a Admin UI-enabled function exposes. A remote, low-privileged attacker could access APIs intended for Admin Users on the backend database and pote...
CVE-2024-28967
Dell SCG (Secure Connect Gateway) vulnerable to improper access control in versions prior to 5.24.00.00 due to an exposed internal maintenance REST API that, if enabled by an Admin user from the UI, could allow a remote, low-privileged attacker to execute admin-only backend APIs associated with t...
CVE-2024-29169
Dell SCG (Secure Connect Gateway) versions prior to 5.22.00.00 have a SQL Injection vulnerability in the SCG UI for the Internal Audit REST API. A remote authenticated attacker could potentially execute SQL commands on the backend database, leading to unauthorized access and modification of appli...
CVE-2024-29168
Summary: Dell Secure Connect Gateway (SCG) prior to v5.22.00.00 contains a SQL Injection vulnerability in the SCG UI for the internal assets REST API. A remote authenticated attacker could potentially exploit this flaw to execute SQL commands on the application’s backend database, leading to unau...
CVE-2024-28968
Summary (CVE-2024-28968) Dell SCG (Dell Secure Connect Gateway) versions prior to 5.24.00.00 suffer an Improper Access Control vulnerability in the internal email and collection settings REST APIs (enabled by Admin from UI). A remote, low-privileged attacker could potentially cause execution of A...
CVE-2023-44294
CVE-2023-44294 affects Dell Secure Connect Gateway Application/Appliance (v5.10.00.00–v5.18.00.00). Root cause: SQL injection in the Collection Rest API filters that can be exploited by a user with a valid session to disclose data from the product database. Impact and context align with MEDIUM se...
CVE-2024-28969
Dell SCG prior to version 5.24.00.00 contains an Improper Access Control vulnerability in an internal update REST API that is only accessible if enabled by an Admin from the UI. A remote low-privileged attacker could potentially trigger this API and cause execution of certain admin-only APIs agai...
CVE-2025-26475
CVE-2025-26475 affects Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS 5.26. The connected sources indicate a related authorization issue exists in SCG versions prior to 5.28.00.14, stemming from the Live-Restore setting and potentially allowing improper authentication. The practical guidan...
CVE-2023-44293
CVE-2023-44293 affects Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (versions 5.10.00.00–5.18.00.00). The root cause is an SQL injection vulnerability in the IP Range Rest API filters, which could allow a malicious user with a valid session to inject content and ca...
CVE-2024-51539
Dell Secure Connect Gateway (SCG) Application and Appliance versions prior to 5.28 are affected by an SQL injection due to improper neutralization of SQL elements. The vulnerability is exploitable locally by a high-privilege attacker, potentially leading to disclosure of non-sensitive information...
CVE-2024-48016
CVE-2024-48016 affects Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, 5.24. Root cause: use of a broken/risky cryptographic algorithm. Impact: potential information disclosure via remote access by a low-privileged attacker; attacker could use exposed credentials to access the system with ...
CVE-2021-36340
Dell EMC SCG 5.00.00.10 and earlier are affected by CVE-2021-36340, a local sensitive information disclosure vulnerability that could allow a local attacker to read sensitive information. The initial description and connected records confirm affected product/version and impact; exploitation statu...
CVE-2025-23382
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS 5.26 is affected by an information disclosure vulnerability (Exposure of Sensitive System Information to an Unauthorized Control Sphere). A high-privilege attacker with remote access could potentially exploit this to obtain sensitive informati...
CVE-2023-23695
Dell Secure Connect Gateway (SCG) v5.14.00.12 is affected by a broken cryptographic algorithm vulnerability that could enable remote, unauthenticated MitM attacks to extract sensitive data. This is documented across multiple sources (NVD, PRION, PRION-like entries, PT-2023-6682) and centers on SC...
CVE-2024-47240
CVE-2024-47240 concerns Dell Secure Connect Gateway (SCG) version 5.24. The vulnerability is described as an incorrect default permissions issue, where a local attacker with low privileges can access the file system and potentially gain write access to unauthorized data, which could also cause a ...
CVE-2024-47241
Dell Secure Connect Gateway (SCG) 5.0 Appliance — SRS 5.24 contains an Improper Certificate Validation vulnerability. A low-privileged, remote attacker could exploit a certificate validation error to gain unauthorized access and modify transmitted data. Affected: SCG 5.24 (SRS). Root cause: certi...
CVE-2023-28043
Dell SCG 5.14 is affected by an information-disclosure vulnerability in the upgrade path from SRS to SCG. A remote, low-privileged attacker could potentially retrieve plaintext information. Affected component: Dell SCG/Policy Manager upgrade flow; root cause involves insufficient protection durin...
CVE-2025-46363
Dell Secure Connect Gateway (SCG) 5.0 software and appliances 5.26.00.00–5.30.00.00 expose a Relative Path Traversal via an internal collection download REST API that is usable when enabled from the Admin UI. A low-privilege remote attacker could abuse this to access restricted resources. A remed...
CVE-2025-46696
Summary: CVE-2025-46696 affects Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.26–5.30, with an Execution with Unnecessary Privileges flaw that could enable Local Privilege Escalation by a high-privilege attacker with local access. Publicly reported details specify a ...
CVE-2026-27101
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application versions 5.28.00.xx–5.32.00.xx are affected by a Path Traversal vulnerability. The issue stems from improper path filtering, enabling a high-privilege attacker within the management network to potentially achieve remote code executio...