CVE-2025-26478

LOW

3.1

Descricao

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Detalhes CVE

Pontuacao CVSS v3.13.1

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado4/17/2025

Ultima modificacao8/1/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

dell:elastic_cloud_storagedell:objectscale

Fraquezas (CWE)

CWE-295

Referencias

https://www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-dell-objectscale-4-0-multiple-vulnerabilities(security_alert@emc.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.