elastic

237 tracked vulnerabilities.

CVE-2017-11480 HIGH
Packetbeat < 5.6.4 - Denial of Service in PostgreSQL Protocol Handler
Dec 08, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-8448 HIGH
Elastic X-Pack Alerting 5.0.0-5.6.0 - Improper Privilege Management via Watch Creation
Sep 29, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-8447 MEDIUM
Elastic X-Pack Security 5.3.0-5.5.2 - Improper Privilege Management
Sep 29, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-8444 MEDIUM
Elastic Cloud Enterprise < 1.0.2 - Cleartext Transmission of Sensitive Information to ZooKeeper
Sep 29, 2017
CVSS 5.9
EPSS 0.00
CVE-2017-11479 MEDIUM
Kibana < 5.6.1 - Cross-Site Scripting in Timelion
Sep 29, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-8446 MEDIUM
Elastic X-Pack Reporting < 5.5.2 and < 2.4.6 - Privilege Escalation via Reporting User Impersonation
Aug 18, 2017
CVSS 5.3
EPSS 0.00
CVE-2017-8445 MEDIUM
Elastic X-Pack Security 5.0.0-5.5.1 - Improper Certificate Validation in TLS Trust Manager
Aug 18, 2017
CVSS 5.5
EPSS 0.00
CVE-2017-8442 MEDIUM
Elasticsearch X-Pack Security <5.4.3 - Info Disclosure
Jul 07, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-8443 MEDIUM
Kibana X-Pack Security < 5.4.3 - Unauthenticated Credential Exposure via Crafted Login URL
Jun 30, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-8452 HIGH
Kibana < 5.2.1 - Denial of Service via File Descriptor Leak
Jun 16, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-8451 MEDIUM
Kibana < 5.3.0 and Elastic X-Pack Security < 5.3.1 - Open Redirect via Login Page
Jun 16, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-8450 HIGH
Elastic X-Pack 5.1.1 - Unauthorized Exposure of Sensitive Information via Multi-Search and Multi-Get Requests
Jun 16, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-8449 MEDIUM
Elastic X-Pack Security 5.2.0-5.2.1 - Sensitive Information Exposure via FLS Rule Merging
Jun 16, 2017
CVSS 5.9
EPSS 0.00
CVE-2017-8441 MEDIUM
Elastic X-Pack Security < 5.4.1 and 5.3.3 - Unauthorized Data Access via Index Alias
Jun 05, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-8440 MEDIUM
Kibana 5.3.0-5.3.3 and >=5.4.1 - Cross-Site Scripting in Discover Page
Jun 05, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-8439 MEDIUM
Kibana 5.4.0 - Cross-Site Scripting in Time Series Visual Builder
Jun 05, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-8438 HIGH
Elastic X-Pack Security 5.0.0-5.4.0 - Improper Privilege Management in run_as Functionality
Jun 05, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-10366 MEDIUM
Kibana 4.3-4.6.2 - Cross-Site Scripting
Jun 16, 2017
CVSS 6.1
EPSS 0.00
CVE-2016-10365 MEDIUM
Kibana < 4.6.3 and < 5.0.1 - Open Redirect via Crafted Link
Jun 16, 2017
CVSS 6.1
EPSS 0.00
CVE-2016-10364 MEDIUM
Kibana 5.0.0-5.0.1 - Authenticated Privilege Escalation via Advanced Settings and Short URL Service
Jun 16, 2017
CVSS 6.5
EPSS 0.00
CVE-2016-10363 HIGH
Logstash < 2.3.3 - Denial of Service via Netflow Codec Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-10362 MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 6.5
EPSS 0.00
CVE-2016-1000222 HIGH
Logstash < 2.1.1 - Argument Injection via CSV Output
Jun 16, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-1000221 HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-1000220 MEDIUM
Kibana 4.1.0-4.1.10 - Cross-Site Scripting
Jun 16, 2017
CVSS 6.1
EPSS 0.00
Products
kibana 103 elasticsearch 47 Kibana 18 logstash 13 elastic_cloud_enterprise 9 x-pack 9 beats 7 Elastic X-Pack Security 6 elastic_agent 5 endpoint_security 5 enterprise_search 5 Logstash 4 Packetbeat 3 apm_agent 3 apm_server 3 APM Server 2 Elastic Defend 2 X-Pack Security 2 apm-server 2 elastic_app_search 2 elastic_beats 2 elastic_cloud_on_kubernetes 2 elasticsearch_x-pack 2 endgame 2 filebeat 2 kibana_x-pack 2 logstash_x-pack 2 Beats 1 Elastic Cloud Enterprise 1 Elastic Package Registry 1
Quick Filters
Critical CVEs With Exploits In CISA KEV