Vulnerabilities > CVE-2017-8444 - Unspecified vulnerability in Elasticsearch Cloud Enterprise 1.0.0/1.0.1
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |