CVE-2022-31231
Published: 2026-05-22
Priority: P3 · 50 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.35% (26.5th percentile)
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | ecs | < 3.5.1.7 | 3.5.1.7 |
| dell | ecs | < 3.6.2.4 | 3.6.2.4 |
| dell | elastic_cloud_storage | < 3.5.1.7 | 3.5.1.7 |
| dell | elastic_cloud_storage | >= 3.6.0.0 < 3.6.2.4 | 3.6.2.4 |
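CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| cvelistv5 | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |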
GHSA
GHSA-g2g3-wfq2-3g8v: Dell ECS, versions 3
ghsa_unreviewed·2026-05-26
CVE-2022-31231 [HIGH] CWE-284 GHSA-g2g3-wfq2-3g8v: Dell ECS, versions 3
CVEList
CVE-2022-31231: Dell ECS, versions 3
cvelistv5·2026-05-22·CVSS 5.9
CVE-2022-31231 [MEDIUM] CWE-284 CVE-2022-31231: Dell ECS, versions 3
VulDB
Dell ECS 3.5/3.6 access control
vuldb·2026-05-22
CVE-2022-31231 [LOW] Dell ECS 3.5/3.6 access control
A vulnerability was found in Dell ECS 3.5/3.6 and classified as critical. This affects an unknown function. The manipulation results in improper access controls.
This vulnerability was named CVE-2022-31231. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.