CVE-2024-29169: SQL Injection
First published: Thu Jun 13 2024(Updated: )
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Secure Connect Gateway | <5.22.00.00 | |
| Dell Emc Secure Connect Gateway | >=5.18.00.20<5.24.00.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-29169?
CVE-2024-29169 is considered a high-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2024-29169?
To mitigate CVE-2024-29169, upgrade Dell SCG to version 5.22.00.00 or higher.
Who is affected by CVE-2024-29169?
CVE-2024-29169 affects users of Dell SCG versions prior to 5.22.00.00.
What type of vulnerability is CVE-2024-29169?
CVE-2024-29169 is classified as a SQL Injection vulnerability in the SCG UI.
What could an attacker achieve by exploiting CVE-2024-29169?
An attacker exploiting CVE-2024-29169 could execute arbitrary SQL commands on the backend database.
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/dell
- canonical/dell secure connect gateway
- canonical/dell emc secure connect gateway
- version/dell emc secure connect gateway/5.18.00.20