CVE-2022-31231: Improper Access Control in Dell ECS 3.5/3.6 IAM Module
CVE-2022-31231 Published on May 22, 2026
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control vulnerability in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability to gain read access to unauthorized data.
Vulnerability Analysis
CVE-2022-31231 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2022-31231 has been classified as an Authorization vulnerability or weakness.
Affected Versions
Dell ECS:
- Before 3.5.1.7 is affected.
- Before 3.6.2.4 is affected.