CVE-2024-38485

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*

History

04 Feb 2025, 16:07

Type Values Removed Values Added
CPE cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
First Time Dell elastic Cloud Storage
Dell
References () https://www.dell.com/support/kbdoc/en-us/000256185/dsa-2024-331-security-update-for-dell-ecs-host-header-injection-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000256185/dsa-2024-331-security-update-for-dell-ecs-host-header-injection-vulnerability - Vendor Advisory

09 Dec 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-09 15:15

Updated : 2025-02-04 16:07


NVD link : CVE-2024-38485

Mitre link : CVE-2024-38485

CVE.ORG link : CVE-2024-38485


JSON object : View

Products Affected

dell

  • elastic_cloud_storage
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')