elastic

237 tracked vulnerabilities.

CVE-2019-7611 HIGH
Elasticsearch <5.6.15, 6.6.1 - Privilege Escalation
Mar 25, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-7610 CRITICAL
Kibana < 5.6.15 - Remote Code Execution via Security Audit Logger
Mar 25, 2019
CVSS 9.0
EPSS 0.01
CVE-2019-7609 CRITICAL KEVNUCLEI
Kibana Timelion Prototype Pollution RCE
Mar 25, 2019
CVSS 10.0
EPSS 0.94
CVE-2019-7608 MEDIUM
Kibana < 5.6.15 - Cross-Site Scripting
Mar 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-17247 MEDIUM
Elasticsearch Security 6.5.0-6.5.1 - Info Disclosure
Dec 20, 2018
CVSS 5.9
EPSS 0.00
CVE-2018-17246 CRITICAL NUCLEI
Kibana <6.4.3, 5.6.13 - Code Injection
Dec 20, 2018
CVSS 9.8
EPSS 0.94
CVE-2018-17245 CRITICAL
Kibana 4.0-4.6, 5.0-5.6.12, 6.0-6.4.2 - Credential Exposure in PDF Report Generation
Dec 20, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-17244 MEDIUM
Elasticsearch Security <6.4.2 - Info Disclosure
Dec 20, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-3831 HIGH
Elasticsearch 5.6.0-5.6.11 - Authenticated Exposure of Sensitive Information via _cluster/settings API
Sep 19, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-3830 MEDIUM
Kibana 5.3.0-6.4.1 - Cross-Site Scripting via Source Field Formatter
Sep 19, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-3829 MEDIUM
Elastic Cloud Enterprise < 1.1.4 - Authentication Bypass via Invalid Roles Token
Sep 19, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-3828 HIGH
Elastic Cloud Enterprise < 1.1.4 - Sensitive Information Exposure in Allocator Logs
Sep 19, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-3827 HIGH
Elasticsearch repository-azure - Sensitive Data Disclosure via TRACE Level Logging
Sep 19, 2018
CVSS 8.1
EPSS 0.00
CVE-2018-3826 MEDIUM
Elasticsearch 6.0.0-beta1-6.2.4 - Exposure of Sensitive Information via _snapshot API
Sep 19, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-3825 MEDIUM
Elastic Cloud Enterprise <1.1.4 - Info Disclosure
Sep 19, 2018
CVSS 5.9
EPSS 0.00
CVE-2018-3824 MEDIUM
X-Pack Machine Learning < 5.6.9 - Cross-Site Scripting via Index Data Injection
Sep 19, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3823 MEDIUM
X-Pack Machine Learning < 5.6.9 - Cross-Site Scripting via Job Configuration
Sep 19, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-3822 CRITICAL
X-Pack Security 6.2.0-6.2.2 - User Impersonation via XML Canonicalization and DOM Traversal
Mar 30, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-3821 MEDIUM
Kibana 5.1.1-5.6.7 - Cross-Site Scripting in Tag Cloud Visualization
Mar 30, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3820 MEDIUM
Kibana 6.1.0-6.1.3 - Cross-Site Scripting in Labs Visualizations
Mar 30, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3819 MEDIUM
Kibana < 5.6.7 - Open Redirect via Login Page
Mar 30, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3818 MEDIUM
Kibana 5.1.1-6.1.2 - Cross-Site Scripting via Colored Fields Formatter
Mar 30, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3817 MEDIUM
Logstash < 5.6.6 and 6.x < 6.1.2 - Sensitive Information Disclosure in Deprecated Settings Log
Mar 30, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-11482 MEDIUM
Kibana <6.0.1-5.6.5 - Open Redirect
Dec 08, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-11481 MEDIUM
Kibana < 6.0.1 and 5.6.5 - Cross-Site Scripting via URL Fields
Dec 08, 2017
CVSS 6.1
EPSS 0.00
Products
kibana 103 elasticsearch 47 Kibana 18 logstash 13 elastic_cloud_enterprise 9 x-pack 9 beats 7 Elastic X-Pack Security 6 elastic_agent 5 endpoint_security 5 enterprise_search 5 Logstash 4 Packetbeat 3 apm_agent 3 apm_server 3 APM Server 2 Elastic Defend 2 X-Pack Security 2 apm-server 2 elastic_app_search 2 elastic_beats 2 elastic_cloud_on_kubernetes 2 elasticsearch_x-pack 2 endgame 2 filebeat 2 kibana_x-pack 2 logstash_x-pack 2 Beats 1 Elastic Cloud Enterprise 1 Elastic Package Registry 1
Quick Filters
Critical CVEs With Exploits In CISA KEV