5 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. • https://www.dell.com/support/kbdoc/en-us/000212970/dsa-2023-109-dell-ecs-security-update-for-multiple-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. Dell EMC ECS, versiones anteriores a 3.5, contiene una vulnerabilidad de Exposición de Recursos. Un atacante remoto no autenticado puede acceder a la lista de objetos DT (Directory Table) de todos los servicios que se ejecutan internamente y lograr conocer los datos confidenciales del sistema • https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Dell EMC ECS versiones anteriores a 3.4.0.1, presentan una vulnerabilidad de tipo XSS. Un usuario malicioso autenticado remoto podría explotar esta vulnerabilidad para almacenar código HTML o JavaScript malicioso en un almacén de datos de aplicaciones de confianza. • https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. Dell EMC ECS versiones anteriores a 3.4.0.0, contienen una restricción inapropiada de una vulnerabilidad de intentos de autenticación excesiva. Un atacante remoto no autenticado puede llevar acabo potencialmente un ataque de fuerza bruta de contraseña para conseguir acceso a las cuentas del objetivo. • https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. EMC Elastic Cloud Storage (ECS) en versiones anteriores a la 3.1 se ha visto afectado por una vulnerabilidad de cuenta sin documentar que podría ser aprovechada por usuarios maliciosos para comprometer el sistema afectado. • http://seclists.org/fulldisclosure/2017/Sep/74 http://www.securityfocus.com/bid/101018 • CWE-1188: Initialization of a Resource with an Insecure Default •