Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23716
A flaw exists in ECE prior to 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
Elastic Elastic Cloud Enterprise
3.5
CVSSv2
CVE-2018-3828
Elastic Cloud Enterprise (ECE) versions before 1.1.4 contain an information exposure vulnerability. It exists that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with ac...
Elastic Elastic Cloud Enterprise
4.3
CVSSv2
CVE-2020-7011
Elastic App Search versions prior to 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of...
Elastic Elastic App Search
NA
CVE-2023-31416
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.
Elastic Elastic Cloud On Kubernetes
Elastic Apm Server
NA
CVE-2022-23715
A flaw exists in ECE prior to 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /ap...
Elastic Elastic Cloud Enterprise
4.3
CVSSv2
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can conn...
Elastic Elastic Cloud Enterprise
3.5
CVSSv2
CVE-2018-3829
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 it exists that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE ins...
Elastic Elastic Cloud Enterprise
NA
CVE-2022-38774
An issue exists in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endgame
Elastic Endpoint Security
NA
CVE-2022-38777
An issue exists in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endgame
Elastic Endpoint Security
7.5
CVSSv2
CVE-2017-2773
An issue exists in Pivotal PCF Elastic Runtime 1.6.x versions before 1.6.60, 1.7.x versions before 1.7.41, 1.8.x versions before 1.8.23, and 1.9.x versions before 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged malicious users to impers...
Pivotal Software Cloud Foundry Elastic Runtime 1.8.17
Pivotal Software Cloud Foundry Elastic Runtime 1.8.15
Pivotal Software Cloud Foundry Elastic Runtime 1.8.10
Pivotal Software Cloud Foundry Elastic Runtime 1.8.8
Pivotal Software Cloud Foundry Elastic Runtime 1.8.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.39
Pivotal Software Cloud Foundry Elastic Runtime 1.7.32
Pivotal Software Cloud Foundry Elastic Runtime 1.7.30
Pivotal Software Cloud Foundry Elastic Runtime 1.7.25
Pivotal Software Cloud Foundry Elastic Runtime 1.7.23
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.14
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.59
Pivotal Software Cloud Foundry Elastic Runtime 1.6.57
Pivotal Software Cloud Foundry Elastic Runtime 1.6.50
Pivotal Software Cloud Foundry Elastic Runtime 1.6.48
Pivotal Software Cloud Foundry Elastic Runtime 1.6.41
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.32
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »