elastic
237 tracked vulnerabilities.
CVE-2021-37942
HIGH
Elastic APM Java Agent 1.18.0-1.26.10 - Local Privilege Escalation via Malicious Plugin Attachment
Nov 22, 2023
CVSS 7.0
EPSS 0.00
CVE-2021-37937
MEDIUM
Elasticsearch 7.13.0-7.13.9 - Privilege Escalation via Fleet-Server API Key Creation
Nov 22, 2023
CVSS 5.9
EPSS 0.00
CVE-2021-22143
LOW
Elastic APM .NET Agent < 1.10.0 - Sensitive Information Exposure via HTTP Header Logging
Nov 22, 2023
CVSS 2.1
EPSS 0.00
CVE-2021-22151
LOW
Kibana 7.9.0-7.13.4 - Path Traversal via .pbf File Loading
Nov 22, 2023
CVSS 3.1
EPSS 0.01
CVE-2021-22150
MEDIUM
Kibana 7.10.2-7.14.0 - Authenticated Remote Code Execution via Malicious Fleet Package Upload
Nov 22, 2023
CVSS 6.6
EPSS 0.00
CVE-2021-22142
MEDIUM
Kibana 7.0.0-7.12.1 - Authenticated Remote Code Execution via Reporting Feature Chromium Embed
Nov 22, 2023
CVSS 6.6
EPSS 0.00
CVE-2021-37936
MEDIUM
Kibana < 7.14.1 - Stored Cross-Site Scripting via Discover App Search Highlighting
Nov 18, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-22141
MEDIUM
Kibana < 6.8.16 - Open Redirect via Malicious URL
Nov 18, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-37941
HIGH
Elastic APM Java Agent 1.10.0-1.26.0 - Local Privilege Escalation via Attacher CLI or API
Dec 08, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-37940
MEDIUM
Elastic Enterprise Search < 7.16.0 - Server-Side Request Forgery via GitHub Integration
Dec 07, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-37939
LOW
Kibana 7.8.0-7.15.1 - Authenticated Internal Host HTTP Response Disclosure via JIRA and IBM Resilient Connectors
Nov 18, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-37938
MEDIUM
Kibana 7.9.0-7.15.1 - Path Traversal via .pbf File Loading
Nov 18, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-22149
HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
Sep 15, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-22148
HIGH
Elastic Enterprise Search < 7.14.0 - Incorrect Permission Assignment for API Keys
Sep 15, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-22147
MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
Sep 15, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22144
MEDIUM
Elasticsearch < 6.8.17 - Denial of Service via Grok Parser Recursion
Jul 26, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22146
HIGH
Elastic Cloud Enterprise - Info Disclosure
Jul 21, 2021
CVSS 7.5
EPSS 0.30
CVE-2021-22145
MEDIUM
NUCLEI
Elasticsearch 7.10.0-7.13.3 - Memory Disclosure via Malformed Query Error Message
Jul 21, 2021
CVSS 6.5
EPSS 0.68
CVE-2021-22140
HIGH
Elastic App Search 7.11.0-7.11.9 - XML External Entity Injection via Web Crawler Sitemap Processing
May 13, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22139
MEDIUM
Kibana < 7.12.1 - Denial of Service via Webhook Request Size
May 13, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22138
LOW
Logstash 6.4.0-6.8.14 - Improper Certificate Validation in Monitoring Feature
May 13, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-22137
MEDIUM
Elasticsearch < 6.8.15 and 7.11.0-7.11.1 - Document Disclosure via Cross-Cluster Search Query
May 13, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-22136
LOW
Kibana < 6.8.15 - Insufficient Session Expiration via Background Polling
May 13, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-22135
MEDIUM
Elasticsearch < 6.8.15 and 7.0.0-7.11.2 - Unauthorized Document and Field Exposure via Suggester and Profile API
May 13, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-22134
MEDIUM
Elasticsearch 7.6.0-7.10.2 - Unauthorized Document Disclosure via Document or Field Level Security Bypass
Mar 08, 2021
CVSS 4.3
EPSS 0.00
Products
kibana 103
elasticsearch 47
Kibana 18
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
elastic_agent 5
endpoint_security 5
enterprise_search 5
Logstash 4
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Elastic Defend 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
kibana_x-pack 2
logstash_x-pack 2
Beats 1
Elastic Cloud Enterprise 1
Elastic Package Registry 1