{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22274", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-07T06:43:46.537Z", "datePublished": "2026-01-23T09:25:04.509Z", "dateUpdated": "2026-01-23T15:16:16.656Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ObjectScale", "vendor": "Dell", "versions": [{"lessThan": "4.2.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-01-19T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit."}], "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T09:25:04.509Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T15:16:04.429420Z", "id": "CVE-2026-22274", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:16:16.656Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T15:16:04.429420Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:16:12.941Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ObjectScale", "versions": [{"status": "affected", "version": "N/A", "lessThan": "4.2.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-19T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.", "supportingMedia": [{"type": "text/html", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T09:25:04.509Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22274", "state": "PUBLISHED", "dateUpdated": "2026-01-23T15:16:16.656Z", "dateReserved": "2026-01-07T06:43:46.537Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-01-23T09:25:04.509Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE0BD5-DC60-46D3-9A26-6E82DBB982EC", "versionEndExcluding": "4.2.0.0", "versionStartIncluding": "3.8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*", "matchCriteriaId": "25F884EC-C7A1-4734-8C17-08BFF2046175", "versionEndExcluding": "4.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit."}], "id": "CVE-2026-22274", "lastModified": "2026-02-18T13:55:35.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-01-23T10:15:53.480", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:11:30.772678+00:00", "value": {"mitigation_remediation": ["Apply the Dell ECS security update to version 3.8.1.8 or later, or the ObjectScale update to 4.2.0.0 or later, as documented in Dell KB 000415880.", "If an update cannot be applied immediately, disable Fabric Syslog cleartext transmission or enforce TLS for all syslog communication channels.", "Implement network segmentation or firewall rules that restrict remote access to the Fabric Syslog service to trusted hosts only."], "summary": {"action": "Apply Patch", "impact": "Cleartext Transmission of Sensitive Information"}, "threat_synthesis": {"affected_systems": "Affected are Dell ECS from version 3.8.1.0 up to 3.8.1.7 inclusive and any Dell ObjectScale installation earlier than 4.2.0.0. Enterprise users running these components experience the risk if the Fabric Syslog feature is enabled in a non\u2011encrypted mode.", "description_and_impact": "Dell Elastic Cloud Storage and Dell ObjectScale versions 3.8.1.0 through 3.8.1.7, and older ObjectScale releases before 4.2.0.0, have a vulnerability that allows cleartext transmission of sensitive data in the Fabric Syslog component. The flaw can enable an attacker to intercept and modify information moving through the system, potentially exposing confidential logs or tampering with system events. The weakness corresponds to the \u201cCleartext Transmission of Sensitive Information\u201d category, which undermines the confidentiality of log data.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity; the EPSS score of less than 1% shows a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. However, the vulnerability can be accessed by an unauthenticated attacker who has remote network access to the Fabric Syslog interface, enabling them to intercept and potentially modify traffic in transit."}}}}, "created": "2026-01-26T11:54:47.535038+00:00", "title": "Cleartext Transmission of Sensitive Information in Dell ObjectScale Fabric Syslog", "updated": "2026-04-18T03:15:35.430868+00:00", "vendors": ["dell", "dell$PRODUCT$ecs_streamer", "dell$PRODUCT$objectscale"]}