ID

VAR-202406-1682


CVE

CVE-2024-29168


TITLE

SQL Injection Vulnerability in Dell Secure Connect Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983

DESCRIPTION

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. Dell Secure Connect Gateway contains a SQL injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-29168 // JVNDB: JVNDB-2024-004983

AFFECTED PRODUCTS

vendor: dell, model: secure connect gateway, scope: gte, version: 5.18.00.20

Trust: 1.0

vendor: dell, model: secure connect gateway, scope: lte, version: 5.22.00.18

Trust: 1.0

vendor: Dell, model: secure connect gateway, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: eq, version: 5.18.00.20 to 5.22.00.18

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983 // NVD: CVE-2024-29168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-29168
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2024-29168
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-29168
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-29168
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2024-29168
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2024-29168
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983 // NVD: CVE-2024-29168 // NVD: CVE-2024-29168

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

problemtype: SQL injection (CWE-89) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983 // NVD: CVE-2024-29168

EXTERNAL IDS

db: NVD, id: CVE-2024-29168

Trust: 2.6

db: JVNDB, id: JVNDB-2024-004983

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983 // NVD: CVE-2024-29168

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-29168

Trust: 0.8

sources: JVNDB: JVNDB-2024-004983 // NVD: CVE-2024-29168

SOURCES

db: JVNDB, id: JVNDB-2024-004983
db: NVD, id: CVE-2024-29168

LAST UPDATE DATE

2024-08-15T12:44:02.892000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-004983, date: 2024-08-08T00:51:00
db: NVD, id: CVE-2024-29168, date: 2024-08-06T15:28:10.527

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-004983, date: 2024-08-08T00:00:00
db: NVD, id: CVE-2024-29168, date: 2024-06-13T15:15:52.433