Skip to main content

Elastic Cloud Storage CVE-2024-51540

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2024-12-26 security_alert@emc.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 26, 2024 - 16:15 nvd
MEDIUM 6.5

DescriptionNVD

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.

AnalysisAI

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. Affected products include: Dell Elastic Cloud Storage. Version information: prior to 3.8.1.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2017-8021 CRITICAL
9.8 Oct 03

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially b

CVE-2018-11052 CRITICAL
9.8 Jul 03

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS

CVE-2026-22273 HIGH
8.8 Jan 23

Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentia

CVE-2026-22271 HIGH
7.5 Jan 23

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 7.5).

CVE-2023-25934 HIGH
7.5 May 04

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severit

CVE-2026-22274 MEDIUM
6.5 Jan 23

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 6.5).

CVE-2024-30473 MEDIUM
6.5 Jul 18

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity

CVE-2024-22459 MEDIUM
6.5 Feb 28

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper a

CVE-2026-22276 MEDIUM
5.5 Jan 23

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).

CVE-2024-52534 MEDIUM
5.4 Dec 25

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated me

CVE-2025-26477 MEDIUM
4.3 Apr 17

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3),

CVE-2026-22275 MEDIUM
4.4 Jan 23

Elastic Cloud Storage versions up to 3.8.1.7 is affected by inclusion of sensitive information in source code (CVSS 4.4)

Share

CVE-2024-51540 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy