CVE-2023-44294

{"id": "CVE-2023-44294", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-02-14T09:15:35.743", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "\nIn Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. \nThis issue may potentially lead to unintentional information disclosure from the product database.\n\n"}, {"lang": "es", "value": "En la aplicaci\u00f3n Dell Secure Connect Gateway y el dispositivo Secure Connect Gateway (entre v5.10.00.00 y v5.18.00.00), se identific\u00f3 un problema de seguridad en el que un usuario malintencionado con una sesi\u00f3n de usuario v\u00e1lida puede inyectar contenido malicioso en los filtros API de resto de colecci\u00f3n. Este problema puede provocar potencialmente la divulgaci\u00f3n involuntaria de informaci\u00f3n de la base de datos del producto."}], "lastModified": "2024-11-21T08:25:36.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDCB5C0A-8486-4562-B045-1F5D2A42818B", "versionEndExcluding": "5.20.00.00", "versionStartIncluding": "5.10.00.00"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}