Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-05	CVE-2017-8441	Information Exposure vulnerability in Elastic X-Pack Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. network low complexity elastic CWE-200	4.3
2017-06-05	CVE-2017-8440	Cross-site Scripting vulnerability in Elastic Kibana Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8439	Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8438	Improper Privilege Management vulnerability in Elastic X-Pack Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. network low complexity elastic CWE-269	8.8
2015-02-17	CVE-2015-1427	The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. network low complexity elastic redhat critical	9.8

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}