Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2022-38777 | Improper Privilege Management vulnerability in Elastic Endgame and Endpoint Security An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2023-02-08 | CVE-2022-38778 | Improper Input Validation vulnerability in multiple products A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | 6.5 |
| 2023-01-26 | CVE-2022-38774 | Unspecified vulnerability in Elastic Endgame and Endpoint Security An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2023-01-26 | CVE-2022-38775 | Unspecified vulnerability in Elastic Endpoint Security An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2022-11-18 | CVE-2021-22141 | Open Redirect vulnerability in Elastic Kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. | 6.1 |
| 2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | 5.4 |
| 2022-09-28 | CVE-2022-23716 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 5.3 |
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 4.3 |
| 2022-07-06 | CVE-2022-23714 | Unspecified vulnerability in Elastic Endpoint Security A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2022-06-06 | CVE-2022-23712 | Unspecified vulnerability in Elastic Elasticsearch A Denial of Service flaw was discovered in Elasticsearch. | 7.5 |