ID

VAR-202403-0239


CVE

CVE-2024-24904


TITLE

Cross-site scripting vulnerability in Dell's Secure Connect Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2024-014072

DESCRIPTION

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a stored cross-site scripting vulnerability. A high-privileged attacker on an adjacent network could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. No further vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2024-24904 // JVNDB: JVNDB-2024-014072 // CNVD: CNVD-2024-20303

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-20303

AFFECTED PRODUCTS

vendor: dell, model: policy manager for secure connect gateway, scope: lt, version: 5.22.00.16

Trust: 1.0

vendor: Dell, model: secure connect gateway, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: eq, version: 5.22.00.16

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc secure connect gateway, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-20303 // JVNDB: JVNDB-2024-014072 // NVD: CVE-2024-24904

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2024-24904
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-24904
value: HIGH

Trust: 1.0

NVD: CVE-2024-24904
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-20303
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-20303
severity: MEDIUM
baseScore: 6.7
vectorString: AV:A/AC:L/AU:M/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2024-24904
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.8
version: 3.1

Trust: 2.0

NVD: CVE-2024-24904
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-20303 // JVNDB: JVNDB-2024-014072 // NVD: CVE-2024-24904 // NVD: CVE-2024-24904

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014072 // NVD: CVE-2024-24904

PATCH

title: Patch for Dell Secure Connect Gateway Cross-Site Scripting Vulnerability (CNVD-2024-20303)
url: https://www.cnvd.org.cn/patchInfo/show/543976

Trust: 0.6

sources: CNVD: CNVD-2024-20303

EXTERNAL IDS

db: NVD, id: CVE-2024-24904

Trust: 3.2

db: JVNDB, id: JVNDB-2024-014072

Trust: 0.8

db: CNVD, id: CNVD-2024-20303

Trust: 0.6

sources: CNVD: CNVD-2024-20303 // JVNDB: JVNDB-2024-014072 // NVD: CVE-2024-24904

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-24904

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-24904/

Trust: 0.6

sources: CNVD: CNVD-2024-20303 // JVNDB: JVNDB-2024-014072 // NVD: CVE-2024-24904

SOURCES

db: CNVD, id: CNVD-2024-20303
db: JVNDB, id: JVNDB-2024-014072
db: NVD, id: CVE-2024-24904

LAST UPDATE DATE

2025-05-22T23:03:59.827000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-20303, date: 2024-04-25T00:00:00
db: JVNDB, id: JVNDB-2024-014072, date: 2024-12-06T00:55:00
db: NVD, id: CVE-2024-24904, date: 2025-05-20T18:55:03.987

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-20303, date: 2024-04-18T00:00:00
db: JVNDB, id: JVNDB-2024-014072, date: 2024-12-06T00:00:00
db: NVD, id: CVE-2024-24904, date: 2024-03-01T14:15:53.517