Vulnerabilities > Elastic > Enterprise Search > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-22148 Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator.
network
low complexity
elastic CWE-732
8.8
8.8
2021-09-15 CVE-2021-22149 Missing Authorization vulnerability in Elastic Enterprise Search
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route.
network
low complexity
elastic CWE-862
8.8
8.8
2020-08-18 CVE-2020-7018 Improper Privilege Management vulnerability in Elastic Enterprise Search
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface.
network
low complexity
elastic CWE-269
8.8
8.8