DSA-2026-047: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities
摘要: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
更多详情
This security advisory communicates vulnerabilities affecting Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0. To remediate the vulnerabilities, customers must upgrade to ObjectScale 4.2.0.0, the Latest Code as per the Minimum, Recommended, and Latest Code Versions for Dell Technologies Servers, Storage, and Networking products.
详情
| Third-party Component | CVEs | More Information |
| net/netip | CVE-2024-24790 | https://nvd.nist.gov/vuln/search |
| jackson-core | CVE-2025-52999 | https://nvd.nist.gov/vuln/search |
| Apache Commons IO | CVE-2024-47554 | https://nvd.nist.gov/vuln/search |
| XStream | CVE-2024-47072 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22273 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-22271 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2026-22274 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| CVE-2026-22276 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2026-22275 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22273 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-22271 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2026-22274 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| CVE-2026-22276 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2026-22275 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
受影响的产品和补救措施
| Product | Affected Versions | Remediated Versions | Link |
| Elastic Cloud Storage (ECS) | Versions 3.8.1.0 through 3.8.1.7 | Version 4.2.0.0 or later | Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-047 |
| ObjectScale | Versions prior to 4.2.0.0 | Version 4.2.0.0 or later | Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-047 |
| Product | Affected Versions | Remediated Versions | Link |
| Elastic Cloud Storage (ECS) | Versions 3.8.1.0 through 3.8.1.7 | Version 4.2.0.0 or later | Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-047 |
| ObjectScale | Versions prior to 4.2.0.0 | Version 4.2.0.0 or later | Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-047 |
Note:
- Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
- Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.
解决方法和缓解措施
| CVE ID | Workaround and Mitigation |
| CVE-2026-22271 | To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.2.0.0 Security Configuration Guide, without performing an upgrade. |
| CVE-2026-22273 |
To remediate this vulnerability, starting with ObjectScale version 4.2.0.0, the system automatically disables CAS unless it detects active usage. To mitigate this vulnerability, customers who have not upgraded to ObjectScale version 4.2.0.0 yet or are actively using CAS in their setup should refer to the ‘Securing the CAS Protocol’ section in the Dell ObjectScale 4.2.0.0 Security Configuration Guide and apply the recommended steps. |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2026-01-16 | Initial Release |
相关信息
法律免责声明
受影响的产品
ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Appliance Software with Encryption, ObjectScale Appliance Software without Encryption
, ObjectScale Appliance Series, ObjectScale Software Series
...
文章属性
文章编号: 000415880
文章类型: Dell Security Advisory
上次修改时间: 16 1月 2026
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。