Vulnerabilities > Elastic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-08 | CVE-2021-37941 | Improper Privilege Management vulnerability in Elastic APM Agent. A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. | 7.8 |
2021-12-07 | CVE-2021-37940 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Enterprise Search. An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search GitHub Enterprise Server integration. | 6.8 |
2021-11-18 | CVE-2021-37938 | Path Traversal vulnerability in Elastic Kibana. It was discovered that on Windows operating systems specifically, Kibana was not validating a user-supplied path, which would load .pbf files. | 4.3 |
2021-11-18 | CVE-2021-37939 | Cleartext Transmission of Sensitive Information vulnerability in Elastic Kibana. It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. | 2.7 |
2021-09-15 | CVE-2021-22147 | Missing Authorization vulnerability in Elastic Elasticsearch. Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. | 6.5 |
2021-09-15 | CVE-2021-22148 | Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search. Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. | 8.8 |
2021-09-15 | CVE-2021-22149 | Missing Authorization vulnerability in Elastic Enterprise Search. Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. | 8.8 |
2021-07-26 | CVE-2021-22144 | Uncontrolled Recursion vulnerability in multiple products. In Elasticsearch versions before 7.13.3 and 6.8.17, an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. | 6.5 |
2021-07-21 | CVE-2021-22145 | Information Exposure Through an Error Message vulnerability in multiple products. A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. | 6.5 |
2021-07-21 | CVE-2021-22146 | Unspecified vulnerability in Elastic Elasticsearch 7.13.3. All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. | 7.5 |