Vulnerabilities > Elastic > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-7014 Improper Privilege Management vulnerability in Elastic Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete.
network
low complexity
elastic CWE-269
8.8
2020-06-03 CVE-2020-7013 Code Injection vulnerability in multiple products
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB.
network
low complexity
elastic redhat CWE-94
7.2
2020-06-03 CVE-2020-7012 Code Injection vulnerability in Elastic Kibana
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant.
network
low complexity
elastic CWE-94
8.8
2020-06-03 CVE-2020-7010 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator.
network
low complexity
elastic CWE-335
7.5
2020-03-31 CVE-2020-7009 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys.
network
low complexity
elastic CWE-269
8.8
2019-10-30 CVE-2019-7620 Unspecified vulnerability in Elastic Logstash
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin.
network
low complexity
elastic
7.5
2019-08-22 CVE-2019-7617 Improper Input Validation vulnerability in Elastic APM Agent
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header.
network
low complexity
elastic CWE-20
7.2
2019-07-30 CVE-2019-7615 Improper Certificate Validation vulnerability in Elastic Apm-Agent-Ruby
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0.
network
high complexity
elastic CWE-295
7.4
2019-03-25 CVE-2019-7613 Unspecified vulnerability in Elastic Winlogbeat
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw.
network
low complexity
elastic
7.5
2019-03-25 CVE-2019-7611 Unspecified vulnerability in Elastic Elasticsearch
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used.
network
high complexity
elastic
8.1