{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44294", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-09-28T09:32:10.186Z", "datePublished": "2024-02-14T08:24:00.579Z", "dateUpdated": "2024-08-14T18:39:12.452Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Secure Connect Gateway-Application", "vendor": "Dell", "versions": [{"lessThanOrEqual": "v5.18.00.00", "status": "affected", "version": "v5.10.00.00", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Secure Connect Gateway-Appliance", "vendor": "Dell", "versions": [{"lessThanOrEqual": "v5.18.00.00", "status": "affected", "version": "v5.10.00.00", "versionType": "semver"}]}], "datePublic": "2023-11-08T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. </span><br><span style=\"background-color: rgb(255, 255, 255);\">This issue may potentially lead to unintentional information disclosure from the product database.</span>\n\n"}], "value": "\nIn Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. \nThis issue may potentially lead to unintentional information disclosure from the product database.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-14T08:24:00.579Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:52.000Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:39:03.378474Z", "id": "CVE-2023-44294", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:39:12.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:52.000Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T18:39:03.378474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:39:08.500Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Secure Connect Gateway-Application", "versions": [{"status": "affected", "version": "v5.10.00.00", "versionType": "semver", "lessThanOrEqual": "v5.18.00.00"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "Secure Connect Gateway-Appliance", "versions": [{"status": "affected", "version": "v5.10.00.00", "versionType": "semver", "lessThanOrEqual": "v5.18.00.00"}], "defaultStatus": "unaffected"}], "datePublic": "2023-11-08T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. \nThis issue may potentially lead to unintentional information disclosure from the product database.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. </span><br><span style=\"background-color: rgb(255, 255, 255);\">This issue may potentially lead to unintentional information disclosure from the product database.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-14T08:24:00.579Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44294", "state": "PUBLISHED", "dateUpdated": "2024-08-14T18:39:12.452Z", "dateReserved": "2023-09-28T09:32:10.186Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-02-14T08:24:00.579Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDCB5C0A-8486-4562-B045-1F5D2A42818B", "versionEndExcluding": "5.20.00.00", "versionStartIncluding": "5.10.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. \nThis issue may potentially lead to unintentional information disclosure from the product database.\n\n"}, {"lang": "es", "value": "En la aplicaci\u00f3n Dell Secure Connect Gateway y el dispositivo Secure Connect Gateway (entre v5.10.00.00 y v5.18.00.00), se identific\u00f3 un problema de seguridad en el que un usuario malintencionado con una sesi\u00f3n de usuario v\u00e1lida puede inyectar contenido malicioso en los filtros API de resto de colecci\u00f3n. Este problema puede provocar potencialmente la divulgaci\u00f3n involuntaria de informaci\u00f3n de la base de datos del producto."}], "id": "CVE-2023-44294", "lastModified": "2024-11-21T08:25:36.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T09:15:35.743", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security_alert@emc.com", "type": "Secondary"}]}

{}

{}