cbcvebase.

Dell Elastic Cloud Storage vulnerabilities

25 known vulnerabilities affecting dell/elastic_cloud_storage.

Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH7MEDIUM15

Vulnerabilities

Page 1 of 2
CVE-2026-35157P2CRITICALCVSS 9.8≥ 3.8.1.0, < 4.3.0.02026-05-11
CVE-2026-35157 [CRITICAL] CWE-1236 CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
nvd
CVE-2019-3766P2CRITICALCVSS 9.8vprior to 3.4.0.02019-09-27
CVE-2019-3766 [CRITICAL] CWE-307 CVE-2019-3766: Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication a Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.
nvd
CVE-2026-22273P2HIGHCVSS 8.8≥ 3.8.1.0, < 4.2.0.02026-01-23
CVE-2026-22273 [HIGH] CWE-1392 CVE-2026-22273: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
nvd
CVE-2025-26477P3HIGHCVSS 8.8≤ 3.8.1.42025-04-17
CVE-2025-26477 [HIGH] CWE-20 CVE-2025-26477: Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privile Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
nvd
CVE-2022-31231P3HIGHCVSS 7.5fixed in 3.5.1.7≥ 3.6.0.0, < 3.6.2.42026-05-22
CVE-2022-31231 [HIGH] CWE-284 CVE-2022-31231: Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Manage Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.
nvd
CVE-2017-8021P3CRITICALCVSS 9.8≤ 3.02017-10-03
CVE-2017-8021 [CRITICAL] CWE-1188 CVE-2017-8021: EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.
nvd
CVE-2020-5386P3HIGHCVSS 7.5≥ unspecified, < 3.52020-09-02
CVE-2020-5386 [HIGH] CWE-668 CVE-2020-5386: Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauth Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
nvd
CVE-2026-40636P3HIGHCVSS 7.8≥ 3.8.1.0, < 4.3.0.02026-05-11
CVE-2026-40636 [HIGH] CWE-798 CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.
nvd
CVE-2026-22271P3HIGHCVSS 7.5≥ 3.8.1.0, < 4.2.0.02026-01-23
CVE-2026-22271 [HIGH] CWE-319 CVE-2026-22271: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
nvd
CVE-2023-25934P3HIGHCVSS 7.5fixed in 3.8.0.22023-05-04
CVE-2023-25934 [HIGH] CWE-347 CVE-2023-25934: DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerabilit DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
nvd
CVE-2024-51540P3MEDIUMCVSS 6.5fixed in 3.8.1.32024-12-26
CVE-2024-51540 [MEDIUM] CWE-190 CVE-2024-51540: Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retentio Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.
nvd
CVE-2024-22459P3MEDIUMCVSS 6.5≥ 3.6.0.0, < 3.6.2.6≥ 3.7.0.0, < 3.7.0.7+1 more2024-02-28
CVE-2024-22459 [MEDIUM] CWE-284 CVE-2024-22459: Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, c Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
nvd
CVE-2025-43992P3MEDIUMCVSS 5.6≥ 3.8.1.0, < 4.3.0.02026-05-11
CVE-2025-43992 [MEDIUM] CWE-302 CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit.
nvd
CVE-2024-30473P3MEDIUMCVSS 6.5fixed in 3.8.1.12024-07-18
CVE-2024-30473 [MEDIUM] CWE-269 CVE-2024-30473: Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
nvd
CVE-2026-22274P3MEDIUMCVSS 6.5≥ 3.8.1.0, < 4.2.0.02026-01-23
CVE-2026-22274 [MEDIUM] CWE-319 CVE-2026-22274: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.
nvd
CVE-2024-52534P4MEDIUMCVSS 5.4fixed in 3.8.1.32024-12-25
CVE-2024-52534 [MEDIUM] CWE-294 CVE-2024-52534: Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vul Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.
nvd
CVE-2026-26946P4MEDIUMCVSS 6.7≥ 3.8.1.0, < 4.3.0.02026-05-11
CVE-2026-26946 [MEDIUM] CWE-269 CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
nvd
CVE-2025-26478P4MEDIUMCVSS 6.5≤ 3.8.1.42025-04-17
CVE-2025-26478 [MEDIUM] CWE-295 CVE-2025-26478: Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unau Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2025-26476P4MEDIUMCVSS 5.5fixed in 3.8.1.52025-08-04
CVE-2025-26476 [MEDIUM] CWE-321 CVE-2025-26476: Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptog Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
nvd
CVE-2026-28261P4MEDIUMCVSS 5.5fixed in 4.2.0.1fixed in 4.2.0.1 or later2026-04-08
CVE-2026-28261 [MEDIUM] CWE-532 CVE-2026-28261: Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0 Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use t
nvd
Dell Elastic Cloud Storage vulnerabilities | cvebase