Vulnerabilities > Elastic > Elasticsearch > Low

DATE CVE VULNERABILITY TITLE RISK
2021-01-14 CVE-2021-22132 Insufficiently Protected Credentials vulnerability in multiple products
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API.
network
high complexity
elastic oracle CWE-522
2.1
2.1
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
elastic CWE-269
3.5
3.5