Objectscale
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext storage of sensitive information (CVSS 5.5).
Elastic Cloud Storage versions up to 3.8.1.7 are affected by inclusion of sensitive information in source code (CVSS 4.4).
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext transmission of sensitive information (CVSS 6.5).
Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions.
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext transmission of sensitive information (CVSS 7.5).
Dell ECS versions prior to 3.8.1.5 / ObjectScale version 4.0.0.0 contain a Use of Hard-coded Cryptographic Key vulnerability. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. Rated low severity (CVSS 3.1), this vulnerability requires no authentication. No vendor patch available.
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.