Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery
CVE-2024-24905
Key Information:
- Vendor: Dell
- CVE Published: 1 March 2024
Summary
Dell Secure Connect Gateway (SCG) Policy Manager contains a stored cross-site scripting vulnerability that can be exploited by a high-privileged attacker on an adjacent network. The vulnerability allows malicious HTML or JavaScript code to be stored in a trusted application data store. When a victim accesses this data store through their browser, the malicious code executes in the context of the vulnerable application. Exploitation can lead to disclosure of sensitive information, session theft, or client-side request forgery, posing significant risks to users and systems running the affected software.
Affected Version(s)
Secure Connect Gateway (SCG) Policy Manager < 5.22.00.16