CVE-2024-22459
published 2024-02-28


Priority: P3 (37)
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.46% (36.5th percentile)

Dell ECS versions 3.6 through 3.6.2.5, 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 contain an improper access control vulnerability. A remote high-privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace.

Affected

6 ranges
Vendor  Product                Version range          Fixed in
dell    ecs                    3.6 – 3.6.2.5
dell    ecs                    3.7 – 3.7.0.6
dell    ecs                    3.8 – 3.8.0.4
dell    elastic_cloud_storage  >= 3.6.0.0 < 3.6.2.6   3.6.2.6
dell    elastic_cloud_storage  >= 3.7.0.0 < 3.7.0.7   3.7.0.7
dell    elastic_cloud_storage  >= 3.8.0.0 < 3.8.0.5   3.8.0.5