Dell ECS Improper Certificate Validation Vulnerability Allowing Information Disclosure

Vulnerability

A vulnerability exists in Dell ECS versions through 3.8.1.4, related to improper certificate validation. This issue could be exploited by an unauthenticated attacker with adjacent network access, potentially leading to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure.

Remediation

Users are advised to upgrade to Dell ObjectScale version 4.0 or later. For those on ECS 3.8.1.x or 3.8.0.x, upgrades can be made directly to ObjectScale 4.0. Customers on versions prior to ECS 3.8.x must first upgrade to ECS 3.8.x before transitioning to ObjectScale 4.0.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.