Dell Secure Connect Gateway

By the Year

In 2026 there has been 1 vulnerability in Dell Secure Connect Gateway, with an average score of 6.4 out of ten. Last year, in 2025, Secure Connect Gateway had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Secure Connect Gateway in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.75.

Year    Vulnerabilities    Average Score
2026    1                  6.40
2025    3                  5.65
2024    20                 6.94
2023    2                  6.20
2022    0                  0.00
2021    1                  5.50

It may take a day or so for new Secure Connect Gateway vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Dell Secure Connect Gateway Security Vulnerabilities

Dell SCG 5.26-5.30 Exec Privilege Escalation Vulnerability
CVE-2025-46696 6.4 - Medium - January 06, 2026

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Execution with Unnecessary Privileges

Dell SCG SRS 5.26 Live-Restore Improper Config
CVE-2025-26475 5.5 - Medium - March 19, 2025

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

Authentication

Dell Secure Connect Gateway SRS 5.26 Sensitive Info Exposure
CVE-2025-23382 5.8 - Medium - March 19, 2025

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Dell SCG <5.28: Local SQLi via improper neutralization of special elements (non-sensitive data exfil
CVE-2024-51539 - February 25, 2025

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.

SQL Injection

Dell Secure Connect Gateway 5.0 Appliance SRS 5.24 Improper Cert Validation
CVE-2024-47241 8.1 - High - October 18, 2024

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.

Improper Certificate Validation

Dell Secure Connect Gateway SCG 5.0 5.24 SRS Weak Crypto
CVE-2024-48016 8.8 - High - October 18, 2024

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.

Use of a Broken or Risky Cryptographic Algorithm

Dell SCG 5.24 - Improper Default Permissions Granting Local Write Access
CVE-2024-47240 6.3 - Medium - October 18, 2024

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.

Incorrect Default Permissions

Dell SCG <5.22.00.00 SQLi via Audit REST API UI
CVE-2024-29169 8.1 - High - June 13, 2024

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

SQL Injection

Dell SCG <5.22.00.00 SQLi in Internal Assets REST API
CVE-2024-29168 8.8 - High - June 13, 2024

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

SQL Injection

Dell SCG 5.23 Improper Access Control via REST API [CVE-2024-28969]
CVE-2024-28969 4.3 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

Authorization

Dell SCG <5.24.00.00 Improper Access Control in Admin APIs
CVE-2024-28968 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG Improper Access Control in API (<=5.23)
CVE-2024-28967 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG Improper Access Control (pre-5.24.00.00) Admin APIs Exposure
CVE-2024-28966 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG <5.24 Improper Access Control Internal Enable REST API
CVE-2024-28965 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG Policy Manager Stored XSS (CVE-2024-24904)
CVE-2024-24904 7.6 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell SCG Policy Manager weak pass reset token leakage (before 5.10)
CVE-2024-24903 8 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.

Weak Password Recovery Mechanism for Forgotten Password

Dell SCG Policy Manager: Stored XSS can lead to code exec
CVE-2024-24905 7.6 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell SCG Policy Manager Stored XSS via Filters Page
CVE-2024-24907 7.6 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell Secure Connect GW Policy Manager Stored XSS
CVE-2024-24906 7.6 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell SCG Policy Manager Improper Auth: Allows Unauthorized Device Addition
CVE-2024-24900 7.3 - High - March 01, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.

AuthZ

Dell Secure Connect Gateway 5.18 Inadequate Encrypt Strength (CVE-2024-22458)
CVE-2024-22458 5.3 - Medium - March 01, 2024

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

Use of a Broken or Risky Cryptographic Algorithm

Dell SCG 5.20 Imp. Auth during SRS->SCG Update Enables Server Impersonation
CVE-2024-22457 8.8 - High - March 01, 2024

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

Authentication Bypass by Spoofing

Dell Secure Connect Gateway v5.10-v5.18: Content Injection in Collection Rest API
CVE-2023-44294 6.5 - Medium - February 14, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

SQL Injection

Dell Secure Connect Gateway 5.10-5.18 IP Range API Injection (Info Disclosure)
CVE-2023-44293 6.5 - Medium - February 14, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

SQL Injection

Dell SCG 5.14: Info Disclosure via SRS to SCG Upgrade
CVE-2023-28043 6.5 - Medium - June 01, 2023

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

Use of a Broken or Risky Cryptographic Algorithm

Dell SCG 5.14 Unauth MitM via Broken Crypto Alg
CVE-2023-23695 5.9 - Medium - February 17, 2023

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.

Use of a Broken or Risky Cryptographic Algorithm

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability
CVE-2021-36340 5.5 - Medium - November 20, 2021

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Insertion of Sensitive Information into Log File
