Article Number: 000225956

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Summary: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-Party Component	CVEs	More information
org.postgresql:postgresql	CVE-2024-1597	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
org.bouncycastle	CVE-2023-33202, CVE-2024-30172	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
ip	CVE-2023-42282	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
luxon	CVE-2023-22467	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
minimatch	CVE-2022-3517	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
json5	CVE-2022-46175	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
http-cache-semantics	CVE-2022-25881	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Java	CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Spring Framework	CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
SUSE Enterprise 12 SP5	CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52340, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Proprietary Code CVEs	Description	CVSSBase Score	CVSS Vector String
CVE-2024-37131	SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSSBase Score	CVSS Vector String
CVE-2024-37131	SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340	Dell Policy Manager for Secure Connect Gateway	Version 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131	Dell Policy Manager for Secure Connect Gateway	Versions 5.18.20 through 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340

Dell Policy Manager for Secure Connect Gateway

Version 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131

Dell Policy Manager for Secure Connect Gateway

Versions 5.18.20 through 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2024-1597, CVE-2023-33202, CVE-2024-30172, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20923, CVE-2024-20926, CVE-2024-20932, CVE-2024-22234, CVE-2024-22243, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262, CVE-2021-46932, CVE-2022-20154, CVE-2023-35827, CVE-2023-52429, CVE-2023-52482, CVE-2023-52502, CVE-2023-52597, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2023-51385, CVE-2023-52340	Dell Policy Manager for Secure Connect Gateway	Version 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131	Dell Policy Manager for Secure Connect Gateway	Versions 5.18.20 through 5.22.00.18	Version 5.24.00.14 or later	https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed

Product

Affected Versions

Updated Version

Link to Update

Dell Policy Manager for Secure Connect Gateway

Version 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

CVE-2023-42282, CVE-2023-22467, CVE-2022-3517, CVE-2022-46175, CVE-2022-25881, CVE-2024-37131

Dell Policy Manager for Secure Connect Gateway

Versions 5.18.20 through 5.22.00.18

Version 5.24.00.14 or later

https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

Workarounds and Mitigations

None

Revision History

Revision	Date	Description
1.0	2024-06-11	Initial Release
2.0	2024-06-12	Updated table links
3.0	2024-06-13	Updated the format for the table

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Summary: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Workarounds and Mitigations

Revision History

Related Information

Legal Information

Article Properties

Last Published Date

Article Type

Welcome

Welcome to Dell

DSA-2024-254: Security Update for Dell Secure Connect Gateway Policy Manager Multiple Vulnerabilities

Summary: Dell Secure Connect Gateway Policy Manager remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Workarounds and Mitigations

Revision History

Related Information

Legal Information

Article Properties

Last Published Date

Article Type