Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-17247	XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1 Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. network high complexity elastic CWE-611	5.9
2018-12-20	CVE-2018-17246	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. network low complexity elastic redhat CWE-829 critical	9.8
2018-12-20	CVE-2018-17245	Insufficiently Protected Credentials vulnerability in Elastic Kibana Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. network low complexity elastic CWE-522 critical	9.8
2018-12-20	CVE-2018-17244	Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2 Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. network low complexity elastic CWE-200	6.5
2018-09-19	CVE-2018-3831	Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. network low complexity elastic CWE-200	8.8
2018-09-19	CVE-2018-3830	Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic redhat CWE-79	6.1
2018-09-19	CVE-2018-3829	Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. network high complexity elastic CWE-290	5.3
2018-09-19	CVE-2018-3828	Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. network high complexity elastic CWE-532	7.5
2018-09-19	CVE-2018-3827	Information Exposure Through Log Files vulnerability in Elastic Azure Repository A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. network high complexity elastic CWE-532	8.1
2018-09-19	CVE-2018-3826	Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. network low complexity elastic CWE-311	6.5

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}

Vulnerabilities > Elastic