Skip to main content

Elastic Cloud Storage

16 CVEs product

Monthly

CVE-2026-22276 MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22275 MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by inclusion of sensitive information in source code (CVSS 4.4).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-22274 MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 6.5).

Information Disclosure Dell Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22273 HIGH This Week

Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions.

Information Disclosure Dell Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22271 HIGH This Week

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 7.5).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-26476 HIGH This Month

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-26478 LOW Monitor

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Dell Information Disclosure Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-26477 MEDIUM This Month

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell RCE Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-51540 MEDIUM This Month

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52534 MEDIUM This Month

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38485 MEDIUM This Month

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Dell Elastic Cloud Storage
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-30473 MEDIUM This Month

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-22459 MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25934 HIGH This Week

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Dell Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2018-11052 CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-8021 CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD
CVSS 3.1
9.8
EPSS
1.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by inclusion of sensitive information in source code (CVSS 4.4).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 6.5).

Information Disclosure Dell Objectscale +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions.

Information Disclosure Dell Objectscale +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 7.5).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Elastic Cloud Storage +1
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Dell Information Disclosure Elastic Cloud Storage +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell RCE Elastic Cloud Storage +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dell +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 7.5
HIGH This Week

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Dell +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy