Vulnerabilities > Elastic > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2022-38774 | Unspecified vulnerability in Elastic Endgame and Endpoint Security. An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
2023-01-26 | CVE-2022-38775 | Unspecified vulnerability in Elastic Endpoint Security. An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
2022-07-06 | CVE-2022-23714 | Unspecified vulnerability in Elastic Endpoint Security. A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
2022-06-06 | CVE-2022-23712 | Unspecified vulnerability in Elastic Elasticsearch. A Denial of Service flaw was discovered in Elasticsearch. | 7.5 |
2021-12-08 | CVE-2021-37941 | Improper Privilege Management vulnerability in Elastic APM Agent. A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. | 7.8 |
2021-09-15 | CVE-2021-22148 | Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search. Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. | 8.8 |
2021-09-15 | CVE-2021-22149 | Missing Authorization vulnerability in Elastic Enterprise Search. Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. | 8.8 |
2021-07-21 | CVE-2021-22146 | Unspecified vulnerability in Elastic Elasticsearch 7.13.3. All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. | 7.5 |
2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic App Search 7.11.0/7.11.1. Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 7.5 |
2020-08-18 | CVE-2020-7018 | Improper Privilege Management vulnerability in Elastic Enterprise Search. Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. | 8.8 |