SQL injection in Dell Secure Connect Gateway - CVE-2024-29169

 

SQL injection in Dell Secure Connect Gateway - CVE-2024-29169

Published: August 21, 2024


Vulnerability identifier: #VU96278
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-29169
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
Dell Secure Connect Gateway

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.


How to mitigate CVE-2024-29169

Install update from vendor's website.

Sources