Elastic Cloud Storage
CVE-2024-22459
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
AnalysisAI
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace Affected products include: Dell Elastic Cloud Storage. Version information: through 3.6.2.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Elastic Cloud Storage
View allEMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially b
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS
Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentia
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 7.5).
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severit
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 6.5).
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated me
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3),
Elastic Cloud Storage versions up to 3.8.1.7 is affected by inclusion of sensitive information in source code (CVSS 4.4)
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today