CVE-2023-25934
https://notcve.org/view.php?id=CVE-2023-25934
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. • https://www.dell.com/support/kbdoc/en-us/000212970/dsa-2023-109-dell-ecs-security-update-for-multiple-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-11052 – Dell EMC ECS S3 Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-11052
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests. Dell EMC ECS en versiones 3.2.0.0 y 3.2.0.1 contiene una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para leer y modificar objetos S3 proporcionando peticiones S3 especialmente manipuladas. • http://seclists.org/fulldisclosure/2018/Jul/1 http://www.securityfocus.com/bid/104660 • CWE-287: Improper Authentication •