Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Elastic_cloud_storage
(Dell)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-28 | CVE-2024-22459 | Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace | Elastic_cloud_storage | 6.5 | ||
| 2024-07-18 | CVE-2024-30473 | Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | Elastic_cloud_storage | 6.5 | ||
| 2024-12-09 | CVE-2024-38485 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage. | Elastic_cloud_storage | 4.3 | ||
| 2023-05-04 | CVE-2023-25934 | DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. | Elastic_cloud_storage | 7.5 | ||
| 2024-12-25 | CVE-2024-52534 | Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | Elastic_cloud_storage | 5.4 | ||
| 2024-12-26 | CVE-2024-51540 | Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. | Elastic_cloud_storage | 6.5 | ||
| 2017-10-03 | CVE-2017-8021 | EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. | Elastic_cloud_storage | N/A |