Vulnerability Details CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API.
This issue may potentially lead to unintentional information disclosure from the product database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v3 Score 5.4
References
- https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities
Products affected by CVE-2023-44294
-
cpe:2.3:a:dell:secure_connect_gateway:5.10.00.00
-
cpe:2.3:a:dell:secure_connect_gateway:5.10.00.10
-
cpe:2.3:a:dell:secure_connect_gateway:5.12.00.00
-
cpe:2.3:a:dell:secure_connect_gateway:5.12.00.10
-
cpe:2.3:a:dell:secure_connect_gateway:5.14.00.00
-
cpe:2.3:a:dell:secure_connect_gateway:5.14.00.10
-
cpe:2.3:a:dell:secure_connect_gateway:5.14.00.12
-
cpe:2.3:a:dell:secure_connect_gateway:5.14.00.16
-
cpe:2.3:a:dell:secure_connect_gateway:5.16.00.00
-
cpe:2.3:a:dell:secure_connect_gateway:5.16.00.14
-
cpe:2.3:a:dell:secure_connect_gateway:5.18.00.00
-
cpe:2.3:a:dell:secure_connect_gateway:5.18.00.20