Описание
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
Уязвимые конфигурации
Конфигурация 1Версия от 3.6.0.0 (включая) до 3.6.2.6 (исключая)Версия от 3.7.0.0 (включая) до 3.7.0.7 (исключая)Версия от 3.8.0.0 (включая) до 3.8.0.5 (исключая)
Одно из
cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00214
Низкий
6.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.8
github
почти 2 года назад
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
EPSS
Процентиль: 44%
0.00214
Низкий
6.8 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo