CVE-2024-37131

HIGH

Dell Policy Manager for Secure Connect Gateway 5.18.00.20-5.24.00.14 - Unauthenticated CORS Bypass

Title source: llm

Description

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Scores

CVSS v3: 7.5
EPSS: 0.0049
EPSS Percentile: 38.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-942
Status: published
Products (1): dell/policy_manager_for_secure_connect_gateway 5.18.00.20 - 5.24.00.14
Published: Jun 13, 2024
Tracked Since: Feb 18, 2026