Search criteria
8 vulnerabilities found for Elastic Cloud Storage by Dell
VAR-201710-1306
Vulnerability from variot - Updated: 2025-04-20 23:40EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system.
Details:
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues.
Resolution:
Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity.
Link to Remedy: Customers are requested to contact Customer Support to help change the default password for this account.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR /8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3 veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44= =8t9r -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "elastic cloud storage",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "elastic cloud storage",
"scope": "eq",
"trust": 0.9,
"vendor": "emc",
"version": "3.0"
},
{
"model": "elastic cloud storage",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "3.1"
},
{
"model": "elastic cloud storage",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.1"
}
],
"sources": [
{
"db": "BID",
"id": "101018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:elastic_cloud_storage",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "101018"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-8021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-116224",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8021",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-8021",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8021",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-8021",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1398",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116224",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-8021",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nVersions prior to EMC Elastic Cloud Storage 3.1 are vulnerable. A remote attacker could exploit this vulnerability to take control of an affected system. \n\nDetails: \nECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. \n\nResolution: \nInformation about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity. \n\nLink to Remedy:\nCustomers are requested to contact Customer Support to help change the default password for this account. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr\nkPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl\nVhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR\n/8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax\nbkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3\nveye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44=\n=8t9r\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8021"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "BID",
"id": "101018"
},
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"db": "PACKETSTORM",
"id": "144375"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8021",
"trust": 3.0
},
{
"db": "BID",
"id": "101018",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "144375",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116224",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8021",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"db": "BID",
"id": "101018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "PACKETSTORM",
"id": "144375"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"id": "VAR-201710-1306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-116224"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:40:00.254000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Elastic Cloud Storage (ECS)",
"trust": 0.8,
"url": "https://www.emc.com/collateral/white-papers/h14071-ecs-architectural-guide-wp.pdf"
},
{
"title": "EMC Elastic Cloud Storage Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75256"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://seclists.org/fulldisclosure/2017/sep/74"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/101018"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8021"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8021"
},
{
"trust": 0.3,
"url": "http://www.emc.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1188.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"db": "BID",
"id": "101018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "PACKETSTORM",
"id": "144375"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-116224"
},
{
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"db": "BID",
"id": "101018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"db": "PACKETSTORM",
"id": "144375"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116224"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"date": "2017-09-26T00:00:00",
"db": "BID",
"id": "101018"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"date": "2017-09-28T00:32:06",
"db": "PACKETSTORM",
"id": "144375"
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"date": "2017-10-03T01:29:03.247000",
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-116224"
},
{
"date": "2020-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8021"
},
{
"date": "2017-09-26T00:00:00",
"db": "BID",
"id": "101018"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008976"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1398"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-8021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144375"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Elastic Cloud Storage Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1398"
}
],
"trust": 0.6
}
}
VAR-202305-0363
Vulnerability from variot - Updated: 2025-01-30 23:04DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. Dell's elastic cloud storage Exists in a digital signature verification vulnerability.Information may be tampered with. Dell EMC ECS is a storage device of Dell (Dell)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "elastic cloud storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "3.8.0.2"
},
{
"model": "elastic cloud storage",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "elastic cloud storage",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.8.0.2"
},
{
"model": "elastic cloud storage",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "emc ecs",
"scope": "lt",
"trust": 0.6,
"vendor": "dell",
"version": "3.8.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"cve": "CVE-2023-25934",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-43239",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-25934",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-25934",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-25934",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "security_alert@emc.com",
"id": "CVE-2023-25934",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-25934",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-25934",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-25934",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-43239",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-207",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. Dell\u0027s elastic cloud storage Exists in a digital signature verification vulnerability.Information may be tampered with. Dell EMC ECS is a storage device of Dell (Dell)",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-25934"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "VULMON",
"id": "CVE-2023-25934"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-25934",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-43239",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-25934",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "VULMON",
"id": "CVE-2023-25934"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"id": "VAR-202305-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
}
]
},
"last_update_date": "2025-01-30T23:04:28.770000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell EMC ECS encryption issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/429696"
},
{
"title": "Dell EMC ECS Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236990"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.0
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-us/000212970/dsa-2023-109-dell-ecs-security-update-for-multiple-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25934"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-25934/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "VULMON",
"id": "CVE-2023-25934"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"db": "VULMON",
"id": "CVE-2023-25934"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25934"
},
{
"date": "2023-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"date": "2023-05-04T07:15:22.510000",
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-43239"
},
{
"date": "2023-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25934"
},
{
"date": "2023-12-06T06:43:00",
"db": "JVNDB",
"id": "JVNDB-2023-009724"
},
{
"date": "2023-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-207"
},
{
"date": "2025-01-29T17:15:23.307000",
"db": "NVD",
"id": "CVE-2023-25934"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0elastic\u00a0cloud\u00a0storage\u00a0 Digital Signature Verification Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-207"
}
],
"trust": 0.6
}
}
CVE-2020-5386 (GCVE-0-2020-5386)
Vulnerability from nvd – Published: 2020-09-02 20:55 – Updated: 2024-09-16 20:58
VLAI?
Summary
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
Severity ?
8.1 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
unspecified , < 3.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:55:19",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-08-18",
"ID": "CVE-2020-5386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5386",
"datePublished": "2020-09-02T20:55:19.410906Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:58:12.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5317 (GCVE-0-2020-5317)
Vulnerability from nvd – Published: 2020-02-06 17:45 – Updated: 2024-09-17 03:28
VLAI?
Summary
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
unspecified , < 3.4.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.4.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T17:45:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-29",
"ID": "CVE-2020-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.4.0.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5317",
"datePublished": "2020-02-06T17:45:21.324979Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:28:03.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3766 (GCVE-0-2019-3766)
Vulnerability from nvd – Published: 2019-09-27 20:22 – Updated: 2024-09-17 02:01
VLAI?
Summary
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.
Severity ?
8.1 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
prior to 3.4.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 3.4.0.0"
}
]
}
],
"datePublic": "2019-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-27T20:22:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-24",
"ID": "CVE-2019-3766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_value": "prior to 3.4.0.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3766",
"datePublished": "2019-09-27T20:22:13.683831Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5386 (GCVE-0-2020-5386)
Vulnerability from cvelistv5 – Published: 2020-09-02 20:55 – Updated: 2024-09-16 20:58
VLAI?
Summary
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
Severity ?
8.1 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
unspecified , < 3.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:55:19",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-08-18",
"ID": "CVE-2020-5386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5386",
"datePublished": "2020-09-02T20:55:19.410906Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:58:12.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5317 (GCVE-0-2020-5317)
Vulnerability from cvelistv5 – Published: 2020-02-06 17:45 – Updated: 2024-09-17 03:28
VLAI?
Summary
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
unspecified , < 3.4.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.4.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T17:45:21",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-29",
"ID": "CVE-2020-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.4.0.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5317",
"datePublished": "2020-02-06T17:45:21.324979Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:28:03.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3766 (GCVE-0-2019-3766)
Vulnerability from cvelistv5 – Published: 2019-09-27 20:22 – Updated: 2024-09-17 02:01
VLAI?
Summary
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.
Severity ?
8.1 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Elastic Cloud Storage |
Affected:
prior to 3.4.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Storage",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 3.4.0.0"
}
]
}
],
"datePublic": "2019-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-27T20:22:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-24",
"ID": "CVE-2019-3766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_value": "prior to 3.4.0.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3766",
"datePublished": "2019-09-27T20:22:13.683831Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}