Medium
Only Management API calls through a proxy or a load balancer are impacted. Data operations and Management API calls made directly to the ECS nodes are not impacted.
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-38485 | Dell ECS, versions prior to 3.8.0, contain a Host Header Injection vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that lead to sensitive information leakage. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|
ECS | Versions prior to 3.8.0 | Versions 3.8.0 or later | Click here to open an “Operating Environment Upgrade” Service Request |
Revision | Date | Description |
---|---|---|
1.0 | 2024-12-03 | Initial Release |