Dell Elastic Cloud Storage

Dell ECS <=3.8.1.5 ObjectScale 4.0 Hard-Coded Crypto Key
CVE-2025-26476 - August 04, 2025

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Use of Hard-coded Cryptographic Key

Dell ECS (V < 3.8.1.5) Sensitive Info Log Vulner
CVE-2025-30483 - July 15, 2025

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Insertion of Sensitive Information into Log File

Dell ECS Improper Cert Validation (v3.8.1.4 & prior)
CVE-2025-26478 6.5 - Medium - April 17, 2025

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Improper Certificate Validation

Improper Input Validation in Dell ECS <3.8.1.4 Leads to RCE
CVE-2025-26477 4.3 - Medium - April 17, 2025

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Improper Input Validation

Dell ECS Arithmetic Overflow Vulnerability in Retention Period Handling
CVE-2024-51540 6.5 - Medium - December 26, 2024

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.

Integer Overflow or Wraparound

Dell ECS Authentication Bypass by Capture-replay Vulnerability
CVE-2024-52534 5.4 - Medium - December 25, 2024

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.

Authentication Bypass by Capture-replay

Dell ECS <3.8.0 Host Header Injection Vulnerability
CVE-2024-38485 4.3 - Medium - December 09, 2024

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.

Open Redirect

Dell ECS <3.8.1 PrivEsc via User Mgmt
CVE-2024-30473 6.5 - Medium - July 18, 2024

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

Improper Privilege Management

Dell ECS CVE-2024-22459 Improper Access Control (3.6-3.8)
CVE-2024-22459 6.5 - Medium - February 28, 2024

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace

Authorization

Dell ECS <3.8.0.2: Improper Sig Verification Allows Body Tampering
CVE-2023-25934 7.5 - High - May 04, 2023

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

Improper Verification of Cryptographic Signature

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability
CVE-2017-8021 - October 03, 2017

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.