Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-03	CVE-2020-7014	Improper Privilege Management vulnerability in Elastic Elasticsearch The fix for CVE-2020-7009 was found to be incomplete. network low complexity elastic CWE-269	8.8
2020-06-03	CVE-2020-7013	Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. network low complexity elastic redhat CWE-94	7.2
2020-06-03	CVE-2020-7012	Code Injection vulnerability in Elastic Kibana Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. network low complexity elastic CWE-94	8.8
2020-06-03	CVE-2020-7011	Cross-site Scripting vulnerability in Elastic APP Search Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. network low complexity elastic CWE-79	6.1
2020-06-03	CVE-2020-7010	Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. network low complexity elastic CWE-335	7.5
2020-03-31	CVE-2020-7009	Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. network low complexity elastic CWE-269	8.8
2019-12-18	CVE-2019-7621	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. network low complexity elastic CWE-79	5.4
2019-10-30	CVE-2019-7620	Unspecified vulnerability in Elastic Logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. network low complexity elastic	7.5
2019-10-30	CVE-2019-7619	Unspecified vulnerability in Elastic Elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. network low complexity elastic	5.3
2019-10-01	CVE-2019-7618	Path Traversal vulnerability in Elastic Kibana 7.3.0/7.3.1/7.3.2 A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. network low complexity elastic CWE-22	6.5

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}

Vulnerabilities > Elastic