Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
History

Tue, 06 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell secure Connect Gateway
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell secure Connect Gateway

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-06-13T14:51:28.103Z

Updated: 2024-08-02T01:03:51.428Z

Reserved: 2024-03-13T15:42:12.960Z

Link: CVE-2024-28966

cve-icon Vulnrichment

Updated: 2024-08-02T01:03:51.428Z

cve-icon NVD

Status : Modified

Published: 2024-06-13T15:15:51.423

Modified: 2024-11-21T09:07:17.153

Link: CVE-2024-28966

cve-icon Redhat

No data.