DSA-2024-483: Security Update for Dell ECS Multiple Vulnerabilities
Zusammenfassung: Dell ECS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
High
Details
| Third-party Component |
CVEs |
More Information |
|---|---|---|
| Apache HTTP Server |
CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709 |
See NVD link below for Individual scores for each CVE. |
| Java |
CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147 |
See NVD link below for Individual scores for each CVE. |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
| CVE-2024-51540 |
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. |
8.1 |
|
| CVE-2024-52534 |
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. |
5.4 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
| CVE-2024-51540 |
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. |
8.1 |
|
| CVE-2024-52534 |
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. |
5.4 |
Betroffene Produkte und Korrektur
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Elastic Cloud Storage | Versions prior to 3.8.1.3 | Versions 3.8.1.3 or later | Click here to open an “Operating Environment Upgrade” Service Request |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Elastic Cloud Storage | Versions prior to 3.8.1.3 | Versions 3.8.1.3 or later | Click here to open an “Operating Environment Upgrade” Service Request |
Revisionsverlauf
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2024-12-17 |
Initial Release |
|
2.0 |
2024-12-25 |
Updated for enhanced format presentation with no changes to content. |
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
ECS, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without EncryptionArtikeleigenschaften
Artikelnummer: 000256642
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 25 Dez. 2024
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.