CVE-2024-37131

HIGH

Dell Policy Manager For Secure Connec... - Permissive CORS Policy

Title source: rule

Description

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Scores

CVSS v3: 7.5
EPSS: 0.0441
EPSS Percentile: 89.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-942
Status: published
Products (1): dell/policy_manager_for_secure_connect_gateway 5.18.00.20 - 5.24.00.14
Published: Jun 13, 2024
Tracked Since: Feb 18, 2026