Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-19	CVE-2018-3825	Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. network high complexity elastic CWE-1188	5.9
2018-09-19	CVE-2018-3824	Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. network low complexity elastic CWE-79	6.1
2018-09-19	CVE-2018-3823	Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. network low complexity elastic CWE-79	5.4
2018-03-30	CVE-2018-3822	Path Traversal vulnerability in Elastic X-Pack 6.2.0/6.2.1/6.2.2 X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. network low complexity elastic CWE-22 critical	9.8
2018-03-30	CVE-2018-3821	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3820	Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3819	Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. network low complexity elastic CWE-601	6.1
2018-03-30	CVE-2018-3818	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3817	Information Exposure vulnerability in Elastic Logstash When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. network low complexity elastic CWE-200	6.5
2018-03-06	CVE-2015-5377	Injection vulnerability in Elastic Elasticsearch Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. network low complexity elastic CWE-74 critical	9.8

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}

Vulnerabilities > Elastic