elastic
256 tracked vulnerabilities.
CVE-2020-7019
MEDIUM
Elasticsearch <6.8.12 and 7.0.0-7.9.0 - Improper Privilege Management via Scrolling Search Field Disclosure
Aug 18, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-7018
HIGH
Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure
Aug 18, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-7015
MEDIUM
Kibana < 6.8.10 - Stored Cross-Site Scripting in TSVB Visualization
Jun 03, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-7014
HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key and Authentication Token Manipulation
Jun 03, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-7013
HIGH
Kibana < 6.8.9 - Authenticated Remote Code Execution via TSVB Visualization
Jun 03, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-7012
HIGH
Kibana 6.7.0-6.8.8 and 7.0.0-7.6.2 - Authenticated Code Injection in Upgrade Assistant
Jun 03, 2020
CVSS 8.8
EPSS 0.18
CVE-2020-7011
MEDIUM
Elastic App Search < 7.7.0 - Cross-Site Scripting in Reference UI Document URL Display
Jun 03, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-7010
HIGH
Elastic Cloud on Kubernetes <1.1.0 - Info Disclosure
Jun 03, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7009
HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key Generation
Mar 31, 2020
CVSS 8.8
EPSS 0.02
CVE-2019-7621
MEDIUM
Kibana < 6.8.6 - Stored Cross-Site Scripting in Coordinate and Region Map Visualizations
Dec 18, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-7620
HIGH
Logstash 6.0.0-6.8.3 - Unauthenticated Denial of Service via Beats Input Plugin
Oct 30, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-7619
MEDIUM
Elasticsearch <7.4 - Info Disclosure
Oct 30, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-7618
MEDIUM
Elastic Code <7.3.2 - Info Disclosure
Oct 01, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-7617
HIGH
Elastic APM agent for Python <5.1.0 - Open Redirect
Aug 22, 2019
CVSS 7.2
EPSS 0.02
CVE-2019-7616
MEDIUM
Kibana < 6.8.2 - Authenticated Server-Side Request Forgery via Timelion Graphite URL Configuration
Jul 30, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-7615
HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.01
CVE-2019-7614
MEDIUM
Elasticsearch <7.2.1-6.8.2 - Info Disclosure
Jul 30, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-7613
HIGH
Winlogbeat <5.6.16,6.6.2 - Info Disclosure
Mar 25, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-7612
CRITICAL
Logstash <5.6.15-6.6.1 - Info Disclosure
Mar 25, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-7611
HIGH
Elasticsearch <5.6.15, 6.6.1 - Privilege Escalation
Mar 25, 2019
CVSS 8.1
EPSS 0.02
CVE-2019-7610
CRITICAL
Kibana < 5.6.15 - Remote Code Execution via Security Audit Logger
Mar 25, 2019
CVSS 9.0
EPSS 0.04
CVE-2019-7609
CRITICAL
KEVNUCLEI
Kibana Timelion Prototype Pollution RCE
Mar 25, 2019
CVSS 10.0
EPSS 0.95
CVE-2019-7608
MEDIUM
Kibana < 5.6.15 - Cross-Site Scripting
Mar 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-17247
MEDIUM
Elasticsearch Security 6.5.0-6.5.1 - Info Disclosure
Dec 20, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-17246
CRITICAL
NUCLEI
Kibana <6.4.3, 5.6.13 - Code Injection
Dec 20, 2018
CVSS 9.8
EPSS 0.82
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters