VYPR

ECS

by Dell

CVEs (23)

  • CVE-2026-40636CriMay 11, 2026
    risk 0.64cvss 9.8epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for…

  • CVE-2019-3766CriSep 27, 2019
    risk 0.64cvss 9.8epss 0.02

    Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

  • CVE-2018-11052CriJul 3, 2018
    risk 0.64cvss 9.8epss 0.04

    Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.

  • CVE-2024-51540HigDec 26, 2024
    risk 0.53cvss 8.1epss 0.00

    Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention…

  • CVE-2026-26946MedMay 11, 2026
    risk 0.44cvss 6.7epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of…

  • CVE-2024-22459MedFeb 28, 2024
    risk 0.44cvss 6.8epss 0.00

    Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and…

  • CVE-2022-31231MedMay 22, 2026
    risk 0.38cvss 5.9epss 0.00

    Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.

  • CVE-2026-35157MedMay 11, 2026
    risk 0.38cvss 5.8epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability,…

  • CVE-2023-25934MedMay 4, 2023
    risk 0.38cvss 5.9epss 0.00

    DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

  • CVE-2025-43992MedMay 11, 2026
    risk 0.36cvss 5.6epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability,…

  • CVE-2025-30483MedJul 15, 2025
    risk 0.36cvss 5.5epss 0.00

    Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

  • CVE-2024-52534MedDec 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.

  • CVE-2024-30473MedJul 18, 2024
    risk 0.32cvss 4.9epss 0.00

    Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

  • CVE-2020-5317MedFeb 6, 2020
    risk 0.31cvss 4.8epss 0.01

    Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their…

  • CVE-2025-26477MedApr 17, 2025
    risk 0.28cvss 4.3epss 0.00

    Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-38485MedDec 9, 2024
    risk 0.28cvss 4.3epss 0.00

    Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.

  • CVE-2025-26478LowApr 17, 2025
    risk 0.20cvss 3.1epss 0.00

    Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

  • CVE-2026-22276Jan 23, 2026
    risk 0.00cvss epss 0.00

    Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information…

  • CVE-2026-22275Jan 23, 2026
    risk 0.00cvss epss 0.00

    Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to…

  • CVE-2026-22274Jan 23, 2026
    risk 0.00cvss epss 0.00

    Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability…

Page 1 of 2