9 matches found
CVE-2024-51540
CVE-2024-51540 affects Dell ECS (Elastic Cloud Storage). The vulnerability is an arithmetic overflow in the retention period handling logic, impacting ECS versions prior to 3.8.1.3. An authenticated user with bucket/object-level privileges could potentially bypass retention policies and delete ob...
CVE-2024-38485
CVE-2024-38485 concerns Dell ECS before version 3.8.0, with a Host Header Injection vulnerability. A remote, low-privilege attacker could trigger redirections that may lead to disclosure of sensitive information. Public documents from NVD, CVE listings, and PT-2024-9646 describe the affected soft...
CVE-2024-52534
Dell ECS prior to version 3.8.1.3 contains an Authentication Bypass by Capture-replay vulnerability that could allow a low-privilege attacker with remote access to perform session theft. Affected component: Dell ECS software (enterprise object storage). Root cause: capture-replay-based bypass ena...
CVE-2024-30473
Dell EMC Elastic Cloud Storage (ECS) is affected by a privilege-elevation vulnerability in the user management component for versions prior to 3.8.1. According to multiple sources, a remote attacker with high privileges could potentially exploit this flaw to access unauthorized endpoints. The lik...
CVE-2023-25934
Dell EMC ECS before version 3.8.0.2 has an improper verification of cryptographic signatures, allowing a network attacker to modify the body of intercepted requests. This affects deployments using affected ECS versions. Remediation: upgrade to 3.8.0.2 or later (Dell security advisory references t...
CVE-2025-26476
CVE-2025-26476 affects Dell ECS (versions prior to 3.8.1.5) and ObjectScale (prior to 4.0.0.0), where a Use of Hard-coded Cryptographic Key could allow an unauthenticated attacker with local access to achieve Unauthorized access. The issue is rooted in hard-coded keys; exploitation details are no...
CVE-2025-30483
CVE-2025-30483 affects Dell ECS prior to 3.8.1.5 and Dell ObjectScale prior to 4.0.0.0, where an insertion of sensitive information into log files may allow a low-privilege, local attacker to disclose information. The NVD-derived CVSSv3.1 base score is 5.5 (Medium) with LOCAL, LOW complexity, and...
CVE-2022-31231
CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...
CVE-2026-28261
CVE-2026-28261 affects Dell Elastic Cloud Storage (DE) 3.8.1.7 and earlier and Dell ObjectScale: affected ObjectScale versions prior to 4.1.0.3 and 4.2.0.0. It is a local, low-privilege accessible vulnerability that can cause insertion of sensitive information into log files, potentially exposing...