CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5386
https://notcve.org/view.php?id=CVE-2020-5386
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. Dell EMC ECS, versiones anteriores a 3.5, contiene una vulnerabilidad de Exposición de Recursos. Un atacante remoto no autenticado puede acceder a la lista de objetos DT (Directory Table) de todos los servicios que se ejecutan internamente y lograr conocer los datos confidenciales del sistema • https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5317
https://notcve.org/view.php?id=CVE-2020-5317
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Dell EMC ECS versiones anteriores a 3.4.0.1, presentan una vulnerabilidad de tipo XSS. Un usuario malicioso autenticado remoto podría explotar esta vulnerabilidad para almacenar código HTML o JavaScript malicioso en un almacén de datos de aplicaciones de confianza. • https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3766
https://notcve.org/view.php?id=CVE-2019-3766
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. Dell EMC ECS versiones anteriores a 3.4.0.0, contienen una restricción inapropiada de una vulnerabilidad de intentos de autenticación excesiva. Un atacante remoto no autenticado puede llevar acabo potencialmente un ataque de fuerza bruta de contraseña para conseguir acceso a las cuentas del objetivo. • https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio • CWE-307: Improper Restriction of Excessive Authentication Attempts •