cbcvebase.

Dell Ecs vulnerabilities

15 known vulnerabilities affecting dell/ecs.

Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM10

Vulnerabilities

Page 1 of 1
CVE-2026-35157P2CRITICALCVSS 9.8fixed in 4.3.0.0 or later2026-05-11
CVE-2026-35157 [CRITICAL] CWE-1236 CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
nvd
CVE-2025-26477P3HIGHCVSS 8.8≥ N/A, < 4.02025-04-17
CVE-2025-26477 [HIGH] CWE-20 CVE-2025-26477: Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privile Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
nvd
CVE-2022-31231P3HIGHCVSS 7.5fixed in 3.5.1.7fixed in 3.6.2.42026-05-22
CVE-2022-31231 [HIGH] CWE-284 CVE-2022-31231: Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Manage Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.
cvelistv5nvd
CVE-2026-40636P3HIGHCVSS 7.8fixed in 4.3.0.0 or later2026-05-11
CVE-2026-40636 [HIGH] CWE-798 CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.
nvd
CVE-2023-25934P3HIGHCVSS 7.5vVersion<= 3.8.0.12023-05-04
CVE-2023-25934 [HIGH] CWE-347 CVE-2023-25934: DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerabilit DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
nvd
CVE-2024-51540P3MEDIUMCVSS 6.5≥ N/A, < 3.8.1.32024-12-26
CVE-2024-51540 [MEDIUM] CWE-190 CVE-2024-51540: Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retentio Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.
nvd
CVE-2024-22459P3MEDIUMCVSS 6.5≥ 3.8, ≤ 3.8.0.4≥ 3.7, ≤ 3.7.0.6+1 more2024-02-28
CVE-2024-22459 [MEDIUM] CWE-284 CVE-2024-22459: Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, c Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
nvd
CVE-2025-43992P3MEDIUMCVSS 5.6fixed in 4.3.0.0 or later2026-05-11
CVE-2025-43992 [MEDIUM] CWE-302 CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit.
nvd
CVE-2024-30473P3MEDIUMCVSS 6.5≥ N/A, < 3.8.1.12024-07-18
CVE-2024-30473 [MEDIUM] CWE-269 CVE-2024-30473: Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
nvd
CVE-2024-52534P4MEDIUMCVSS 5.4≥ N/A, < 3.8.1.32024-12-25
CVE-2024-52534 [MEDIUM] CWE-294 CVE-2024-52534: Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vul Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.
nvd
CVE-2026-26946P4MEDIUMCVSS 6.7fixed in 4.3.0.0 or later2026-05-11
CVE-2026-26946 [MEDIUM] CWE-269 CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
nvd
CVE-2025-26478P4MEDIUMCVSS 6.5≥ N/A, < 4.02025-04-17
CVE-2025-26478 [MEDIUM] CWE-295 CVE-2025-26478: Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unau Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2025-26476P4MEDIUMCVSS 5.5≥ N/A, < 3.8.1.52025-08-04
CVE-2025-26476 [MEDIUM] CWE-321 CVE-2025-26476: Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptog Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
nvd
CVE-2025-30483P4MEDIUMCVSS 5.5≥ NA, < 3.8.1.52025-07-15
CVE-2025-30483 [MEDIUM] CWE-532 CVE-2025-30483: Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive I Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2024-38485P4MEDIUMCVSS 4.3≥ N/A, < 3.8.02024-12-09
CVE-2024-38485 [MEDIUM] CWE-601 CVE-2024-38485: Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-pr Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.
nvd
Dell Ecs vulnerabilities | cvebase