Lucene search
K
DellElastic Cloud Storage

22 matches found

CVE
CVE
added 2024/02/28 8:22 a.m.122 views

CVE-2024-22459

Dell ECS (versions 3.6–3.6.2.5, 3.7–3.7.0.6, and 3.8–3.8.0.4) contains an improper access control vulnerability that could allow a remote high-privileged attacker to access all buckets and their data within a namespace. The issue is confirmed across multiple sources in the connected documents and...

6.8CVSS6.3AI score0.0046EPSS
CVE
CVE
added 2024/12/26 3:53 p.m.72 views

CVE-2024-51540

CVE-2024-51540 affects Dell ECS (Elastic Cloud Storage). The vulnerability is an arithmetic overflow in the retention period handling logic, impacting ECS versions prior to 3.8.1.3. An authenticated user with bucket/object-level privileges could potentially bypass retention policies and delete ob...

8.1CVSS7.2AI score0.00388EPSS
CVE
CVE
added 2024/12/09 2:46 p.m.66 views

CVE-2024-38485

CVE-2024-38485 concerns Dell ECS before version 3.8.0, with a Host Header Injection vulnerability. A remote, low-privilege attacker could trigger redirections that may lead to disclosure of sensitive information. Public documents from NVD, CVE listings, and PT-2024-9646 describe the affected soft...

4.3CVSS6.8AI score0.00307EPSS
CVE
CVE
added 2025/04/17 11:37 a.m.66 views

CVE-2025-26478

Dell ECS vulnerable? CVE-2025-26478 affects Dell ECS 3.8.1.4 and earlier. The root cause is improper certificate validation in the server, enabling an unauthenticated attacker with adjacent network access to cause information disclosure. Exploitation details are not provided in the linked documen...

6.5CVSS7AI score0.00116EPSS
CVE
CVE
added 2025/04/17 11:45 a.m.63 views

CVE-2025-26477

CVE-2025-26477 affects Dell ECS up to version 3.8.1.4: an Improper Input Validation vulnerability that could allow a low-privileged, remotely authenticated attacker to achieve code execution. The connected documents confirm the affected software and the root cause (input validation error) with a ...

8.8CVSS7.4AI score0.00359EPSS
CVE
CVE
added 2024/12/25 4:4 p.m.59 views

CVE-2024-52534

Dell ECS prior to version 3.8.1.3 contains an Authentication Bypass by Capture-replay vulnerability that could allow a low-privilege attacker with remote access to perform session theft. Affected component: Dell ECS software (enterprise object storage). Root cause: capture-replay-based bypass ena...

5.4CVSS7.1AI score0.00298EPSS
CVE
CVE
added 2017/10/02 5:0 a.m.51 views

CVE-2017-8021

EMC Elastic Cloud Storage (ECS) before version 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. The NVD entry for CVE-2017-8021 indicates a high-impact, unauthenticated, network-exposed issue with a ...

10CVSS9.2AI score0.02063EPSS
CVE
CVE
added 2024/07/18 3:39 p.m.50 views

CVE-2024-30473

Dell EMC Elastic Cloud Storage (ECS) is affected by a privilege-elevation vulnerability in the user management component for versions prior to 3.8.1. According to multiple sources, a remote attacker with high privileges could potentially exploit this flaw to access unauthorized endpoints. The lik...

6.5CVSS6.7AI score0.00328EPSS
CVE
CVE
added 2023/05/04 6:58 a.m.38 views

CVE-2023-25934

Dell EMC ECS before version 3.8.0.2 has an improper verification of cryptographic signatures, allowing a network attacker to modify the body of intercepted requests. This affects deployments using affected ECS versions. Remediation: upgrade to 3.8.0.2 or later (Dell security advisory references t...

7.5CVSS7.4AI score0.00268EPSS
CVE
CVE
added 2025/08/04 6:44 p.m.30 views

CVE-2025-26476

CVE-2025-26476 affects Dell ECS (versions prior to 3.8.1.5) and ObjectScale (prior to 4.0.0.0), where a Use of Hard-coded Cryptographic Key could allow an unauthenticated attacker with local access to achieve Unauthorized access. The issue is rooted in hard-coded keys; exploitation details are no...

8.4CVSS7AI score0.00115EPSS
CVE
CVE
added 2025/07/15 2:30 p.m.29 views

CVE-2025-30483

CVE-2025-30483 affects Dell ECS prior to 3.8.1.5 and Dell ObjectScale prior to 4.0.0.0, where an insertion of sensitive information into log files may allow a low-privilege, local attacker to disclose information. The NVD-derived CVSSv3.1 base score is 5.5 (Medium) with LOCAL, LOW complexity, and...

5.5CVSS6.1AI score0.00122EPSS
CVE
CVE
added 2026/01/23 9:14 a.m.28 views

CVE-2026-22273

Dell ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (versions prior to 4.2.0.0) contain a Use of Default Credentials vulnerability in the OS. A low-privileged, remote attacker could potentially exploit this to achieve Elevation of Privileges. Remediation: upgrade Dell ECS to a newer version ...

8.8CVSS5.5AI score0.00332EPSS
CVE
CVE
added 2026/01/23 9:34 a.m.28 views

CVE-2026-22275

Dell ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (versions prior to 4.2.0.0) have an Inclusion of Sensitive Information in Source Code vulnerability. A low-privileged attacker with local access could exploit this to expose information. CVSSv3.1 base score 4.4 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/...

4.4CVSS5.5AI score0.00128EPSS
CVE
CVE
added 2026/05/11 9:33 a.m.27 views

CVE-2026-35157

Dell ECS 3.8.1.0–3.8.1.7 and Dell ObjectScale

9.8CVSS5.9AI score0.00317EPSS
CVE
CVE
added 2026/05/22 2:31 p.m.25 views

CVE-2022-31231

CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...

7.5CVSS5.8AI score0.00346EPSS
CVE
CVE
added 2026/05/11 9:27 a.m.25 views

CVE-2025-43992

CVE-2025-43992 affects Dell EMC: Dell ECS versions 3.8.1.0–3.8.1.7 and Dell ObjectScale versions before 4.3.0.0. The issue is an authentication bypass via assumed-immutable data in Geo replication, allowing an unauthenticated attacker with remote access to potentially access data in transit. The ...

5.6CVSS5.8AI score0.00235EPSS
CVE
CVE
added 2026/01/23 8:54 a.m.21 views

CVE-2026-22271

CVE-2026-22271 affects Dell ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (versions prior to 4.2.0.0). The issue is cleartext transmission of sensitive information accessible via remote, unauthenticated access, potentially exposing data. Exploitation appears to be network-based with high im...

7.5CVSS5.5AI score0.00192EPSS
CVE
CVE
added 2026/01/23 9:25 a.m.21 views

CVE-2026-22274

CVE-2026-22274 affects Dell EMC/Dell ObjectScale: Dell ECS versions 3.8.1.0–3.8.1.7 and Dell ObjectScale prior to 4.2.0.0 contain a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated remote attacker could intercept and modify information in tran...

6.5CVSS5.6AI score0.0016EPSS
CVE
CVE
added 2026/01/23 9:42 a.m.21 views

CVE-2026-22276

CVE-2026-22276 affects Dell ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (versions before 4.2.0.0). The issue is a Cleartext Storage of Sensitive Information vulnerability that can lead to information disclosure. Exploitation is described as possible by a low-privileged attacker with local...

5.5CVSS5.4AI score0.00094EPSS
CVE
CVE
added 2026/05/11 9:39 a.m.21 views

CVE-2026-26946

CVE-2026-26946 affects Dell EMC ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0). The issue is an improper privilege management vulnerability in the operating system. A high-privileged attacker with local access could potentially exploit this to achieve elevation of privileg...

6.7CVSS5.8AI score0.00104EPSS
CVE
CVE
added 2026/04/08 12:43 p.m.18 views

CVE-2026-28261

CVE-2026-28261 affects Dell Elastic Cloud Storage (DE) 3.8.1.7 and earlier and Dell ObjectScale: affected ObjectScale versions prior to 4.1.0.3 and 4.2.0.0. It is a local, low-privilege accessible vulnerability that can cause insertion of sensitive information into log files, potentially exposing...

7.8CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2026/05/11 8:57 a.m.18 views

CVE-2026-40636

Dell ECS (3.8.1.0–3.8.1.7) and Dell ObjectScale versions before 4.3.0.0 contain a hard-coded credential issue. An unauthenticated, locally-accessible attacker could potentially obtain filesystem access. CVSS 3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and av...

9.8CVSS5.8AI score0.00223EPSS