SQL injection in Dell Secure Connect Gateway - CVE-2024-29168

 

SQL injection in Dell Secure Connect Gateway - CVE-2024-29168

Published: August 21, 2024


Vulnerability identifier: #VU96280
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-29168
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
Dell Secure Connect Gateway

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.


How to mitigate CVE-2024-29168

Install update from vendor's website.

Sources