Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-22 | CVE-2019-7617 | Improper Input Validation vulnerability in Elastic APM Agent When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. | 7.2 |
| 2019-07-30 | CVE-2019-7616 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Kibana Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. | 4.9 |
| 2019-07-30 | CVE-2019-7615 | Improper Certificate Validation vulnerability in Elastic Apm-Agent-Ruby A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. | 7.4 |
| 2019-07-30 | CVE-2019-7614 | Race Condition vulnerability in Elastic Elasticsearch A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. | 5.9 |
| 2019-03-25 | CVE-2019-7613 | Unspecified vulnerability in Elastic Winlogbeat Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. | 7.5 |
| 2019-03-25 | CVE-2019-7612 | Information Exposure Through Log Files vulnerability in multiple products A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. | 9.8 |
| 2019-03-25 | CVE-2019-7611 | Unspecified vulnerability in Elastic Elasticsearch A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . | 8.1 |
| 2019-03-25 | CVE-2019-7610 | Command Injection vulnerability in Elastic Kibana Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. | 9.0 |
| 2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | 10.0 |
| 2019-03-25 | CVE-2019-7608 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |