CVE-2023-44294 MEDIUM

CVE-2023-44294

Vendor Dell

Product Secure Connect Gateway-Application

Weakness CWE-89 · SQLi

Published February 14, 2024

Last update August 14, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

Key dates

02Disclosure timeline

February 14, 2024 CVE published

August 14, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-44294

Related vulnerabilities

Identifiers

CVE CVE-2023-44294

CWE CWE-89

CVSS 5.4 / MEDIUM

Affected versions

Vendor Dell

Product Secure Connect Gateway-Application

Affected ≥ v5.10.00.00 and ≤ v5.18.00.00

Vendor Dell

Product Secure Connect Gateway-Appliance

Affected ≥ v5.10.00.00 and ≤ v5.18.00.00

CVE-2023-44294

01Description

02Disclosure timeline

03References

04Related CVE