CVE-2024-29169

EUVD-2024-26202
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
dellsecure_connect_gateway
5.18.00.20 ≤
𝑥
< 5.24.00.14
dellsecure_connect_gateway
5.18.00.20 ≤
𝑥
< 5.24.00.14
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellsecure_connect_gateway_application
5.18.00.20 ≤
𝑥
≤ 5.22.00.18
ADP
dellsecure_connect_gateway_appliance
5.18.00.20 ≤
𝑥
≤ 5.22.00.18
ADP
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities