VYPR

Secure Connect Gateway

by Dell

CVEs (33)

  • CVE-2022-34462 | High | Jan 18, 2023
    risk 0.55 | cvss 8.4 | epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Password Vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system and gain admin privileges.

  • CVE-2022-34440 | High | Jan 11, 2023
    risk 0.55 | cvss 8.4 | epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin…

  • CVE-2024-24903 | High | Mar 1, 2024
    risk 0.52 | cvss 8.0 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…

  • CVE-2022-34442 | High | Jan 18, 2023
    risk 0.52 | cvss 8.0 | epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP…

  • CVE-2022-34441 | High | Jan 11, 2023
    risk 0.52 | cvss 8.0 | epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin…

  • CVE-2021-36340 | High | Nov 20, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

  • CVE-2024-37131 | High | Jun 13, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of…

  • CVE-2024-24907 | High | Mar 1, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or…

  • CVE-2024-24905 | High | Mar 1, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a…

  • CVE-2024-24904 | High | Mar 1, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a…

  • CVE-2024-24906 | High | Mar 1, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in the Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or…

  • CVE-2024-22457 | High | Mar 1, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed…

  • CVE-2023-28043 | Medium | Jun 1, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

  • CVE-2024-24900 | Medium | Mar 1, 2024
    risk 0.38 | cvss 5.8 | epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to…

  • CVE-2023-39252 | Medium | Sep 21, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.

  • CVE-2023-23695 | Medium | Feb 17, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.

  • CVE-2024-47240 | Medium | Oct 18, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update…

  • CVE-2024-29169 | Medium | Jun 13, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend…

  • CVE-2024-29168 | Medium | Jun 13, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's…

  • CVE-2024-28968 | Medium | Jun 13, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability,…

Page 1 of 2