Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
References
Configurations
History
21 Nov 2024, 09:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory |
06 Aug 2024, 15:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | NVD-CWE-noinfo | |
First Time |
Dell
Dell secure Connect Gateway |
|
CPE | cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:* | |
References | () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory |
13 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-13 15:15
Updated : 2024-11-21 09:07
NVD link : CVE-2024-28967
Mitre link : CVE-2024-28967
CVE.ORG link : CVE-2024-28967
JSON object : View
Products Affected
dell
- secure_connect_gateway
CWE