CVE-2024-37131 HIGH

CVE-2024-37131

Vendor Dell
Product Secure Connect Gateway (SCG) Policy Manager
Weakness CWE-942
Published June 13, 2024
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Key dates

02Disclosure timeline

June 13, 2024 CVE published
August 2, 2024 Record updated