Primary

Context

Dell ECS and ObjectScale Insertion of Sensitive Information into Log File Vulnerability

Vulnerability

Patched

A vulnerability allowing the insertion of sensitive information into log files exists in Dell ECS versions prior to 3.8.1.5 and ObjectScale version 4.0.0.0. This vulnerability could be exploited by a low-privileged attacker with local access, potentially leading to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information.

Remediation

Users are advised to upgrade to Dell ECS version 3.8.1.5 or later, or Dell ObjectScale version 4.0.0.1 or later. Instructions for upgrading can be found by opening a Service Request and quoting DSA-2025-242.

Added: Jul 15, 2025, 3:41 PM

Updated: Jul 15, 2025, 3:41 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dell ECS and ObjectScale Insertion of Sensitive Information into Log File Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Dell ECS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating