SB2023080714 - Multiple vulnerabilities in Dell Secure Connect Gateway Security Policy Manager

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2023-20860)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an input validation error caused by using the wildcard ("**") as a pattern in Spring Security configuration with the mvcRequestMatcher, which creates a mismatch in pattern matching between Spring Security and Spring MVC. A remote attacker can bypass certain security restrictions.

2) Input validation error (CVE-ID: CVE-2023-20861)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of SpEL expressions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

3) Security features bypass (CVE-ID: CVE-2023-20862)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the logout support does not properly clean the security context if using serialized versions. A remote attacker can save an empty security context to the HttpSessionSecurityContextRepository and keep users authenticated even after they performed logout.

4) Input validation error (CVE-ID: CVE-2023-20863)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use a specially crafted SpEL expression and perform a denial of service (DoS) attack.

5) Sensitive cookie in HTTPS session without Secure attribute (CVE-ID: CVE-2023-28708)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.

6) Improper input validation (CVE-ID: CVE-2023-21830)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

7) Improper input validation (CVE-ID: CVE-2023-21843)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Sound component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

8) Uncontrolled Recursion (CVE-ID: CVE-2023-1370)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.dell.com/support/kbdoc/nl-nl/000214200/dsa-2023-193-dell-secure-connect-gateway-security-policy-manager-update-for-multiple-vulnerabilities