Dell SCG Vulnerable to SQL Injection Attacks

CVE-2024-29168

8.8HIGH

Key Information

Vendor: Dell
Status: Secure Connect Gateway-application; Secure Connect Gateway-appliance
Vendor: CVE Published:; 13 June 2024

Summary

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

Affected Version(s)

Secure Connect Gateway-Application <= 5.22.00.18

Secure Connect Gateway-Appliance <= 5.22.00.18

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 13, 2024
Vulnerability Reserved.
Mar 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank saltedfish for reporting this issue