CVE-2022-31231 - Dell ECS Improper Access Control in IAM Module
Dell ECS versions 3.5 and 3.6 contain an improper access control vulnerability (CVE-2022-31231) in the Identity and Access Management (IAM) module, potentially allowing a remote unauthenticated attacker to gain unauthorized read access to data.
Dell Elastic Cloud Storage (ECS) versions 3.5 and 3.6 are vulnerable to CVE-2022-31231, an Improper Access Control flaw within the Identity and Access Management (IAM) module. This vulnerability allows a remote, unauthenticated attacker to potentially bypass access restrictions and gain unauthorized read access to sensitive data stored within the ECS system. The vulnerability was disclosed by Dell on May 22, 2026. Exploitation of this flaw could lead to information disclosure and compromise the confidentiality of data stored in the affected ECS deployments. Defenders should apply the patches recommended by Dell to prevent exploitation.
Attack Chain
- The attacker identifies a vulnerable Dell ECS instance running version 3.5 or 3.6.
- The attacker crafts a malicious request to the IAM module, exploiting the improper access control vulnerability (CVE-2022-31231).
- The crafted request bypasses authentication and authorization checks due to the IAM module’s flaw.
- The vulnerable IAM module processes the malicious request without proper validation.
- The attacker gains unauthorized read access to data managed by the IAM module.
- The attacker exfiltrates sensitive information, potentially including user credentials, configuration details, or other confidential data.
Impact
Successful exploitation of CVE-2022-31231 can lead to the unauthorized disclosure of sensitive data stored within Dell ECS systems. While the exact impact varies depending on the data stored and the scope of access achieved, the vulnerability could compromise the confidentiality of user information, system configurations, or other proprietary data.
Recommendation
- Apply the security patches provided by Dell to upgrade ECS instances to a version that addresses CVE-2022-31231, as detailed in the Dell advisory.
- Deploy the Sigma rule "Detect CVE-2022-31231 Attempt via IAM Request" to monitor for suspicious requests targeting the IAM module.
- Review access control configurations within the ECS environment to ensure proper restrictions are in place after patching.
Detection coverage (2 rules)
- Detect CVE-2022-31231 Attempt via IAM Request (severity: high): Detects potential exploitation attempts of CVE-2022-31231, targeting the IAM module in Dell ECS.
- Detect CVE-2022-31231 Attempt via ECS API (severity: medium): Detects potential exploitation attempts of CVE-2022-31231, targeting the ECS API.