Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic enterprise search vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49923
An issue exists by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic ha...
Elastic Enterprise Search
NA
CVE-2023-21981
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromi...
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Peoplesoft Enterprise Peopletools 8.60
NA
CVE-2023-21844
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Peop...
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Peoplesoft Enterprise Peopletools 8.60
NA
CVE-2022-21639
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co...
Oracle Peoplesoft Enterprise 8.59
Oracle Peoplesoft Enterprise 8.60
4
CVSSv2
CVE-2021-37940
An information disclosure via GET request server-side request forgery vulnerability exists with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be p...
Elastic Enterprise Search
5
CVSSv2
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Netty Netty
Quarkus Quarkus
Oracle Peoplesoft Enterprise Peopletools 8.48
Oracle Webcenter Portal 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Banking Digital Experience 18.2
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 18.1
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Coherence 14.1.1.0.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
5
CVSSv2
CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can ...
Netty Netty
Oracle Webcenter Portal 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Banking Digital Experience 18.2
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 18.1
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Diameter Signaling Router
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
6.5
CVSSv2
CVE-2021-22149
Elastic Enterprise Search App Search versions prior to 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Elastic Enterprise Search
6.5
CVSSv2
CVE-2021-22148
Elastic Enterprise Search App Search versions prior to 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
Elastic Enterprise Search
4.6
CVSSv2
CVE-2021-22118
In Spring Framework, versions 5.2.x before 5.2.15 and versions 5.3.x before 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been upload...
Vmware Spring Framework
Oracle Retail Order Broker 16.0
Oracle Retail Predictive Application Server 15.0.3
Oracle Enterprise Data Quality 12.2.1.3.0
Oracle Retail Assortment Planning 16.0
Oracle Retail Financial Integration 16.0.3
Oracle Communications Network Integrity 7.3.6
Oracle Retail Integration Bus 16.0.3
Oracle Insurance Rules Palette 11.0.2
Oracle Insurance Rules Palette 11.1.0
Oracle Commerce Guided Search 11.3.2
Oracle Communications Element Manager
Oracle Communications Interactive Session Recorder 6.4
Oracle Communications Unified Inventory Management 7.4.1
Oracle Documaker
Oracle Enterprise Data Quality 12.2.1.4.0
Oracle Healthcare Data Repository 8.1.0
Oracle Insurance Policy Administration
Oracle Mysql Enterprise Monitor
Oracle Retail Customer Management And Segmentation Foundation
Oracle Communications Brm - Elastic Charging Engine 12.0.0.3
Oracle Communications Session Report Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »