CVE-2024-24907

Published: Mar 1, 2024Modified: May 20, 2025

7.6

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.8

Source: NVD

Description

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Affected (1)

Products: Dell: Policy Manager For Secure Connect Gateway

1 product

Policy Manager For Secure Connect Gateway

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Policy Manager For Secure Connect Gateway	Before 5.22.00.16

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.