CVE-2024-22459

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*

History

04 Feb 2025, 17:26

Type Values Removed Values Added
CPE cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability - Vendor Advisory
First Time Dell elastic Cloud Storage
Dell

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability -
Summary
  • (es) Dell ECS, versiones 3.6 a 3.6.2.5, 3.7 a 3.7.0.6 y 3.8 a 3.8.0.4, contienen una vulnerabilidad de control de acceso inadecuado. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría a un acceso no autorizado a todos los depósitos y sus datos dentro de un espacio de nombres.

28 Feb 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-28 09:15

Updated : 2025-02-04 17:26


NVD link : CVE-2024-22459

Mitre link : CVE-2024-22459

CVE.ORG link : CVE-2024-22459


JSON object : View

Products Affected

dell

  • elastic_cloud_storage
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo