CVE-2024-29168

Summary

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

Affected Software

VendorProductVersion RangeStatus
DellSecure Connect Gateway-Application5.18.00.20 <= 5.22.00.18affected
DellSecure Connect Gateway-Appliance5.18.00.20 <= 5.22.00.18affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References