Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000193601

DSA-2021-245: Dell EMC Secure Connect Gateway Security Update for Multiple Vulnerabilities

Summary: Dell EMC Secure Connect Gateway contains remediation for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Proprietary Code CVE Description CVSSBase Score CVSS Vector String
CVE-2021-36340 Dell EMC SCG 5.00.00.10 and earlier contains a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


 
Third-party Component
 		 CVEs More information
java CVE-2021-2341
CVE-2021-2369
CVE-2021-2388
CVE-2021-2432
CVE-2021-3517
CVE-2021-3522
CVE-2021-35550
CVE-2021-35556
CVE-2021-35559
CVE-2021-35567
CVE-2021-35578
CVE-2021-35588
CVE-2021-35564
CVE-2021-35565
CVE-2021-35586
CVE-2021-35561
CVE-2021-35560
CVE-2021-35603		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
kernel-default-base
 		 CVE-2020-0429
CVE-2020-36385
CVE-2021-22543
CVE-2021-22555
CVE-2021-3609
CVE-2021-3612
CVE-2021-3659
CVE-2021-37576
libxerces CVE-2018-1311
file
file-magic
libmagic		 CVE-2019-18218
libsolv
 		 CVE-2021-3200
apache2
 		 CVE-2021-30641
CVE-2021-33193
libdbus CVE-2020-12049
CVE-2020-35512
openssl CVE-2021-3711
CVE-2021-3712
cpio CVE-2021-38185
 
libpq5 CVE-2021-3677
Jetty CVE-2021-28168
Jersey CVE-2021-34429
Proprietary Code CVE Description CVSSBase Score CVSS Vector String
CVE-2021-36340 Dell EMC SCG 5.00.00.10 and earlier contains a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


 
Third-party Component
 		 CVEs More information
java CVE-2021-2341
CVE-2021-2369
CVE-2021-2388
CVE-2021-2432
CVE-2021-3517
CVE-2021-3522
CVE-2021-35550
CVE-2021-35556
CVE-2021-35559
CVE-2021-35567
CVE-2021-35578
CVE-2021-35588
CVE-2021-35564
CVE-2021-35565
CVE-2021-35586
CVE-2021-35561
CVE-2021-35560
CVE-2021-35603		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
kernel-default-base
 		 CVE-2020-0429
CVE-2020-36385
CVE-2021-22543
CVE-2021-22555
CVE-2021-3609
CVE-2021-3612
CVE-2021-3659
CVE-2021-37576
libxerces CVE-2018-1311
file
file-magic
libmagic		 CVE-2019-18218
libsolv
 		 CVE-2021-3200
apache2
 		 CVE-2021-30641
CVE-2021-33193
libdbus CVE-2020-12049
CVE-2020-35512
openssl CVE-2021-3711
CVE-2021-3712
cpio CVE-2021-38185
 
libpq5 CVE-2021-3677
Jetty CVE-2021-28168
Jersey CVE-2021-34429
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version Updated Version Link to Update
Dell EMC Secure Connect Gateway - Virtual Edition 5.00.00.10 5.00.05.10 The Secure Connect Gateway patch is published in Dell SUSE Repo Manager (SUMA) repository and the existing process triggers an Email notification to customers' Secure Connect Gateway primary and secondary contacts. The email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s Gateway to the latest patch. Contact Dell EMC Secure Connect Gateway Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC Secure Connect Gateway Virtual Edition system.
 


Product Affected Version Updated Version Link to Update
Dell EMC Secure Connect Gateway - Virtual Edition 5.00.00.10 5.00.05.10 The Secure Connect Gateway patch is published in Dell SUSE Repo Manager (SUMA) repository and the existing process triggers an Email notification to customers' Secure Connect Gateway primary and secondary contacts. The email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s Gateway to the latest patch. Contact Dell EMC Secure Connect Gateway Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC Secure Connect Gateway Virtual Edition system.
 


Acknowledgements

Dell would like to thank Thorsten Tüllmann for reporting CVE-2021-36340.

Revision History

RevisionDateDescription
1.02021-11-17Initial Release
2.02021-11-29CVEs updated

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Secure Connect Gateway, Secure Connect Gateway, Secure Connect Gateway - Virtual Edition

Product

Product Security Information

Last Published Date

03 Mar 2022

Article Type

Dell Security Advisory

Back to Top