CVE-2023-44293

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:25

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.4

17 Oct 2024, 14:40

Type Values Removed Values Added
CPE cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.5
References () https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory
First Time Dell secure Connect Gateway
Dell

14 Feb 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-14 08:15

Updated : 2024-11-21 08:25


NVD link : CVE-2023-44293

Mitre link : CVE-2023-44293

CVE.ORG link : CVE-2023-44293


JSON object : View

Products Affected

dell

  • secure_connect_gateway
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')