CVE-2024-37131
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Secure Connect Gateway (SCG) Policy Manager | 5.18.20 <= 5.22.00.18 | affected |
Weaknesses
- CWE-942: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.