Dell Policy Manager For Secure Connect Gateway vulnerabilities
13 known vulnerabilities affecting dell/policy_manager_for_secure_connect_gateway.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH7MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-37131P2CRITICALCVSS 9.8≥ 5.18.00.20, < 5.24.00.142024-06-13
CVE-2024-37131 [CRITICAL] CWE-942 CVE-2024-37131: SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP)
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.
nvd
CVE-2022-34442P3CRITICALCVSS 9.8≥ 5.10.00.00, < 5.14.00.002023-01-18
CVE-2022-34442 [CRITICAL] CWE-321 CVE-2022-34442: Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogr
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.
nvd
CVE-2022-34441P3CRITICALCVSS 9.8≥ 5.10.00.00, < 5.14.00.002023-01-11
CVE-2022-34441 [CRITICAL] CWE-321 CVE-2022-34441: Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogr
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.
nvd
CVE-2022-34440P3CRITICALCVSS 9.8≥ 5.10.00.00, < 5.14.00.002023-01-11
CVE-2022-34440 [CRITICAL] CWE-321 CVE-2022-34440: Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogra
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.
nvd
CVE-2024-24903P3HIGHCVSS 8.0≥ 5.10.00.10, < 5.22.00.162024-03-01
CVE-2024-24903 [HIGH] CWE-640 CVE-2024-24903: Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery me
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the rese
nvd
CVE-2024-24900P3HIGHCVSS 7.3fixed in 5.22.00.162024-03-01
CVE-2024-24900 [HIGH] CWE-285 CVE-2024-24900: Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vu
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.
nvd
CVE-2022-34462P3HIGHCVSS 7.8≥ 5.10.00.00, < 5.14.00.002023-01-18
CVE-2022-34462 [HIGH] CWE-321 CVE-2022-34462: Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerabi
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.
nvd
CVE-2024-24905P4HIGHCVSS 7.6fixed in 5.22.00.162024-03-01
CVE-2024-24905 [HIGH] CWE-79 CVE-2024-24905: Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store th
nvd
CVE-2024-24904P4HIGHCVSS 7.6fixed in 5.22.00.162024-03-01
CVE-2024-24904 [HIGH] CWE-79 CVE-2024-24904: Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store th
nvd
CVE-2024-24907P4HIGHCVSS 7.6fixed in 5.22.00.162024-03-01
CVE-2024-24907 [HIGH] CWE-79 CVE-2024-24907: Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user access
nvd
CVE-2024-24906P4HIGHCVSS 7.6fixed in 5.22.00.162024-03-01
CVE-2024-24906 [HIGH] CWE-79 CVE-2024-24906: Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scrip
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses th
nvd
CVE-2023-39252P4MEDIUMCVSS 5.9v5.16.00.142023-09-21
CVE-2023-39252 [MEDIUM] CWE-327 CVE-2023-39252: Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remo
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
nvd
CVE-2025-36592P4MEDIUMCVSS 5.4fixed in 5.32.00.182025-10-30
CVE-2025-36592 [MEDIUM] CWE-79 CVE-2025-36592: Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s
Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
nvd