exploitDog

CVE-2025-46363

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.

Ссылки

https://www.dell.com/support/kbdoc/en-us/000385239/dsa-2025-386-security-update-for-dell-secure-connect-gateway-rest-api
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:application:*:*:*

Версия от 5.26.00.00 (включая) до 5.32.00.00 (исключая)

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-23

CWE-22

Связанные уязвимости

GHSA-hxw6-3gmw-qjx9

CVSS3: 4.3

github

3 месяца назад

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-23

CWE-22