Stored Cross-Site Scripting Vulnerability in Dell SCG Policy Manager Could Lead to Information Disclosure, Session Theft, or Client-Side Request Forgery
CVE-2024-24906

7.6 HIGH

Key Information:

Vendor: Dell
CVE Published: 1 March 2024

Summary

The vulnerability in Dell Secure Connect Gateway (SCG) Policy Manager is a stored cross-site scripting (XSS) flaw on the Policy page. It allows an adjacent-network attacker with high privileges to store malicious HTML or JavaScript code in a trusted data store used by the application. When unsuspecting users access this data through their browsers, the injected script executes, potentially leading to unauthorized information disclosure, session theft, or client-side request forgery. Users should remain vigilant, as these exploits can compromise the confidentiality and integrity of their interactions with the web application.

Affected Version(s)

Secure Connect Gateway (SCG) Policy Manager < 5.22.00.16

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

juust4