Lucene search
+L

9 matches found

CVE
CVE
added 2024/12/26 3:53 p.m.72 views

CVE-2024-51540

CVE-2024-51540 affects Dell ECS (Elastic Cloud Storage). The vulnerability is an arithmetic overflow in the retention period handling logic, impacting ECS versions prior to 3.8.1.3. An authenticated user with bucket/object-level privileges could potentially bypass retention policies and delete ob...

8.1CVSS7.2AI score0.00388EPSS
CVE
CVE
added 2024/12/09 2:46 p.m.66 views

CVE-2024-38485

CVE-2024-38485 concerns Dell ECS before version 3.8.0, with a Host Header Injection vulnerability. A remote, low-privilege attacker could trigger redirections that may lead to disclosure of sensitive information. Public documents from NVD, CVE listings, and PT-2024-9646 describe the affected soft...

4.3CVSS6.8AI score0.00307EPSS
CVE
CVE
added 2024/12/25 4:4 p.m.59 views

CVE-2024-52534

Dell ECS prior to version 3.8.1.3 contains an Authentication Bypass by Capture-replay vulnerability that could allow a low-privilege attacker with remote access to perform session theft. Affected component: Dell ECS software (enterprise object storage). Root cause: capture-replay-based bypass ena...

5.4CVSS7.1AI score0.00298EPSS
CVE
CVE
added 2024/07/18 3:39 p.m.50 views

CVE-2024-30473

Dell EMC Elastic Cloud Storage (ECS) is affected by a privilege-elevation vulnerability in the user management component for versions prior to 3.8.1. According to multiple sources, a remote attacker with high privileges could potentially exploit this flaw to access unauthorized endpoints. The lik...

6.5CVSS6.7AI score0.00328EPSS
CVE
CVE
added 2023/05/04 6:58 a.m.38 views

CVE-2023-25934

Dell EMC ECS before version 3.8.0.2 has an improper verification of cryptographic signatures, allowing a network attacker to modify the body of intercepted requests. This affects deployments using affected ECS versions. Remediation: upgrade to 3.8.0.2 or later (Dell security advisory references t...

7.5CVSS7.4AI score0.00268EPSS
CVE
CVE
added 2025/08/04 6:44 p.m.30 views

CVE-2025-26476

CVE-2025-26476 affects Dell ECS (versions prior to 3.8.1.5) and ObjectScale (prior to 4.0.0.0), where a Use of Hard-coded Cryptographic Key could allow an unauthenticated attacker with local access to achieve Unauthorized access. The issue is rooted in hard-coded keys; exploitation details are no...

8.4CVSS7AI score0.00115EPSS
CVE
CVE
added 2025/07/15 2:30 p.m.29 views

CVE-2025-30483

CVE-2025-30483 affects Dell ECS prior to 3.8.1.5 and Dell ObjectScale prior to 4.0.0.0, where an insertion of sensitive information into log files may allow a low-privilege, local attacker to disclose information. The NVD-derived CVSSv3.1 base score is 5.5 (Medium) with LOCAL, LOW complexity, and...

5.5CVSS6.1AI score0.00122EPSS
CVE
CVE
added 2026/05/22 2:31 p.m.25 views

CVE-2022-31231

CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...

7.5CVSS5.8AI score0.00346EPSS
CVE
CVE
added 2026/04/08 12:43 p.m.19 views

CVE-2026-28261

CVE-2026-28261 affects Dell Elastic Cloud Storage (DE) 3.8.1.7 and earlier and Dell ObjectScale: affected ObjectScale versions prior to 4.1.0.3 and 4.2.0.0. It is a local, low-privilege accessible vulnerability that can cause insertion of sensitive information into log files, potentially exposing...

7.8CVSS5.8AI score0.00107EPSS