CVE-2023-44294

Summary

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

Affected Software

VendorProductVersion RangeStatus
DellSecure Connect Gateway-Applicationv5.10.00.00 <= v5.18.00.00affected
DellSecure Connect Gateway-Appliancev5.10.00.00 <= v5.18.00.00affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References