DSA-2025-097: Security Update for Dell ObjectScale 4.0 Multiple Vulnerabilities
摘要: Dell ObjectScale remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
其他詳細資料
As of release 4.x the ECS product name has been rebranded as ObjectScale (OBS). This Security Advisory communicates vulnerabilities affecting the 3.8.1.4 release and its prior versions. Those are remediated in the series now referred to as ObjectScale (OBS).
詳細資料
|
Third-party Component |
CVEs |
More Information |
|
Apache Commons Configuration |
CVE-2024-29133, CVE-2024-29131 |
|
|
Bouncy Castle |
CVE-2023-33202, CVE-2024-34447, CVE-2024-30171, CVE-2024-30172, CVE-2024-29857, CVE-2023-33201 |
|
|
crypto/tls |
CVE-2023-45287 |
|
|
Docker |
CVE-2020-8694, CVE-2020-8695, CVE-2024-24557 |
|
|
eclipse jetty |
CVE-2024-22201, CVE-2023-44487, CVE-2021-28169, CVE-2021-34428, CVE-2021-34429, CVE-2022-2047, CVE-2022-2048, CVE-2023-26048, CVE-2023-26049, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 |
|
|
Expat |
CVE-2024-28757, CVE-2022-40674, CVE-2022-43680, CVE-2023-52425 |
|
|
github.com/crewjam/saml |
CVE-2022-41912, CVE-2023-28119, CVE-2023-45683 |
|
|
go.uuid |
CVE-2021-3538 |
|
|
Golang |
CVE-2022-23806, CVE-2022-41716, CVE-2021-3115, CVE-2020-28367, CVE-2020-28366 |
|
|
golang.org/x/net |
CVE-2023-44487 |
|
|
Html |
CVE-2023-3978 |
|
|
Goxmldsig |
CVE-2020-7711 |
|
|
go-yaml |
CVE-2022-28948 |
|
|
h2database |
CVE-2021-23463, CVE-2021-42392, CVE-2022-23221, CVE-2022-45868 |
|
|
Idna |
CVE-2024-3651 |
|
|
jackson-databind |
CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, CVE-2023-35116 |
|
|
Jersey |
CVE-2021-28168 |
|
|
jose.v2 |
CVE-2024-28180 |
|
|
libseccomp2 |
CVE-2019-9893 |
|
|
logback receiver |
CVE-2023-6378 |
|
|
math/big |
CVE-2020-28362 |
|
|
net/http2 |
CVE-2023-45288, CVE-2023-39325, CVE-2022-27664, CVE-2022-41717, CVE-2022-41723 |
|
|
Netty Project |
CVE-2024-29025, CVE-2022-24823, CVE-2022-41881, CVE-2023-34462 |
|
|
Nginx |
CVE-2023-44487 |
|
|
Openssh |
CVE-2023-48795 |
|
|
Openssl |
CVE-2024-0727, CVE-2020-36242, CVE-2023-49083 |
|
|
PostgreSQL JDBC Driver (pgjdbc) |
CVE-2022-31197, CVE-2022-41946, CVE-2024-1597 |
|
|
Protobuf |
CVE-2024-24786 |
|
|
Pyopenssl |
CVE-2018-1000808, CVE-2018-1000807 |
|
|
Pytest |
CVE-2020-29651 |
|
|
python/requests |
CVE-2018-18074, CVE-2024-35195 |
|
|
python311-base |
CVE-2024-4032 |
|
|
python3-urllib3 |
CVE-2023-46218, CVE-2024-37891 |
|
|
Setuptools |
CVE-2022-40897 |
|
|
snappy-java |
CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-43642 |
|
|
spring-expression |
CVE-2024-38808 |
|
|
Zookeeper |
CVE-2024-23944, CVE-2023-44981 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-26477 |
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
4.3 |
|
|
CVE-2025-26478 |
Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. |
3.1 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-26477 |
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
4.3 |
|
|
CVE-2025-26478 |
Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. |
3.1 |
受影響的產品與補救措施
|
Product |
Affected Versions |
Remediated Version |
Link |
|
Dell ObjectScale |
Versions prior to 4.0 |
Version 4.0 or later |
|
Product |
Affected Versions |
Remediated Version |
Link |
|
Dell ObjectScale |
Versions prior to 4.0 |
Version 4.0 or later |
Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request. Customers on ECS 3.8.1.x and ECS 3.8.0.x can upgrade directly to OBS 4.0. Customers on versions prior to ECS 3.8.x need to upgrade to ECS 3.8.x first before upgrading to OBS 4.0.
Note: Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.
修訂歷史記錄
|
Revision |
Date |
Description |
|
1.0 |
2024-03-26 |
Initial Release |
|
2.0 |
2024-04-16 |
Revised Wording |
相關資訊
法律免責聲明
受影響的產品
ECS Appliance Hardware Gen3 EX5000, ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX3000, ECS Appliance Hardware Gen2 U-Series, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Gen3 EXF900, ECS Appliance Hardware Series文章屬性
文章編號: 000300068
文章類型: Dell Security Advisory
上次修改時間: 16 4月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。