Artikelnummer: 000225956

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Samenvatting: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Critical

Gegevens

Third-Party Component	CVEs	More information
org.postgresql:postgresql	CVE-2024-1597	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
org.bouncycastle	CVE-2023-33202, CVE-2024-30172	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
ip	CVE-2023-42282	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
luxon	CVE-2023-22467	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
minimatch	CVE-2022-3517	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
json5	CVE-2022-46175	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
http-cache-semantics	CVE-2022-25881	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Java	CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Spring Framework	CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
SUSE Enterprise 12 SP5	CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52340, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Proprietary Code CVEs	Description	CVSSBase Score	CVSS Vector String
CVE-2024-37131	SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSSBase Score	CVSS Vector String
CVE-2024-37131	SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340	Dell Policy Manager for Secure Connect Gateway	Version 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131	Dell Policy Manager for Secure Connect Gateway	Versions 5.18.20 through 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340

Dell Policy Manager for Secure Connect Gateway

Version 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131

Dell Policy Manager for Secure Connect Gateway

Versions 5.18.20 through 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340	Dell Policy Manager for Secure Connect Gateway	Version 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131	Dell Policy Manager for Secure Connect Gateway	Versions 5.18.20 through 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed

Product

Affected Versions

Updated Version

Link to Update

Dell Policy Manager for Secure Connect Gateway

Version 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131

Dell Policy Manager for Secure Connect Gateway

Versions 5.18.20 through 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

Tijdelijke oplossingen en beperkingen

None

Revisiegeschiedenis

Revision	Date	Description
1.0	2024-06-11	Initial Release
2.0	2024-06-12	Updated table links
3.0	2024-06-13	Updated the format for the table

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Samenvatting: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Gegevens

Getroffen producten en herstel

Tijdelijke oplossingen en beperkingen

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Datum laatst gepubliceerd

Artikeltype

Welkom

Welkom bij Dell

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Samenvatting: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article content

Impact

Gegevens

Getroffen producten en herstel

Tijdelijke oplossingen en beperkingen

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Datum laatst gepubliceerd

Artikeltype