本ページは dell elastic_cloud_storage に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-40636 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. | [email protected] | 9.8 | 0.05% | 2026-05-11 | 2026-05-12 |
| CVE-2026-35157 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. | [email protected] | 5.8 | 0.11% | 2026-05-11 | 2026-05-12 |
| CVE-2026-26946 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | [email protected] | 6.7 | 0.01% | 2026-05-11 | 2026-05-12 |
| CVE-2025-43992 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. | [email protected] | 5.6 | 0.03% | 2026-05-11 | 2026-05-16 |
| CVE-2026-28261 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account. | [email protected] | 7.8 | 0.01% | 2026-04-08 | 2026-04-13 |
| CVE-2026-22276 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | [email protected] | 5.5 | 0.01% | 2026-01-23 | 2026-02-18 |
| CVE-2026-22275 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | [email protected] | 4.4 | 0.01% | 2026-01-23 | 2026-02-18 |
| CVE-2026-22274 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit. | [email protected] | 6.5 | 0.03% | 2026-01-23 | 2026-02-18 |
| CVE-2026-22273 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | [email protected] | 8.8 | 0.04% | 2026-01-23 | 2026-02-18 |
| CVE-2026-22271 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure. | [email protected] | 7.5 | 0.02% | 2026-01-23 | 2026-02-18 |
| CVE-2025-26476 | Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | [email protected] | 8.4 | 0.06% | 2025-08-04 | 2026-01-14 |
| CVE-2025-30483 | Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | [email protected] | 5.5 | 0.07% | 2025-07-15 | 2025-08-02 |
| CVE-2025-26478 | Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | [email protected] | 3.1 | 0.12% | 2025-04-17 | 2025-08-01 |
| CVE-2025-26477 | Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | [email protected] | 4.3 | 0.66% | 2025-04-17 | 2025-08-01 |
| CVE-2024-51540 | Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. | [email protected] | 8.1 | 0.09% | 2024-12-26 | 2025-01-21 |
| CVE-2024-52534 | Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | [email protected] | 5.4 | 0.03% | 2024-12-25 | 2025-01-21 |
| CVE-2024-38485 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage. | [email protected] | 4.3 | 0.16% | 2024-12-09 | 2025-02-04 |
| CVE-2024-30473 | Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | [email protected] | 4.9 | 0.15% | 2024-07-18 | 2025-02-04 |
| CVE-2024-22459 | Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace | [email protected] | 6.8 | 0.22% | 2024-02-28 | 2025-02-04 |
| CVE-2023-25934 | DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. | [email protected] | 5.9 | 0.12% | 2023-05-04 | 2025-01-29 |