Vulnerabilities > Elastic
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-03-25 | CVE-2019-7613 | Unspecified vulnerability in Elastic Winlogbeat | Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. | 7.5 |
2019-03-25 | CVE-2019-7612 | Information Exposure Through Log Files vulnerability in multiple products | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. | 9.8 |
2019-03-25 | CVE-2019-7611 | Unspecified vulnerability in Elastic Elasticsearch | A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. | 8.1 |
2019-03-25 | CVE-2019-7610 | Command Injection vulnerability in Elastic Kibana | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. | 9.0 |
2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | 10.0 |
2019-03-25 | CVE-2019-7608 | Cross-site Scripting vulnerability in Elastic Kibana | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
2018-12-20 | CVE-2018-17247 | XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1 | Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. | 5.9 |
2018-12-20 | CVE-2018-17246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products | Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. | 9.8 |
2018-12-20 | CVE-2018-17245 | Insufficiently Protected Credentials vulnerability in Elastic Kibana | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. | 9.8 |
2018-12-20 | CVE-2018-17244 | Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2 | Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. | 6.5 |