Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-3829
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 it exists that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE ins...
Elastic Elastic Cloud Enterprise
6.1
CVSSv3
CVE-2020-7011
Elastic App Search versions prior to 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of...
Elastic Elastic App Search
5.9
CVSSv3
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can conn...
Elastic Elastic Cloud Enterprise
7.8
CVSSv3
CVE-2022-38774
An issue exists in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endgame
Elastic Endpoint Security
7.8
CVSSv3
CVE-2022-38777
An issue exists in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endgame
Elastic Endpoint Security
6.5
CVSSv3
CVE-2022-23715
A flaw exists in ECE prior to 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /ap...
Elastic Elastic Cloud Enterprise
5.3
CVSSv3
CVE-2022-23716
A flaw exists in ECE prior to 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
Elastic Elastic Cloud Enterprise
5.3
CVSSv3
CVE-2023-31416
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.
Elastic Elastic Cloud On Kubernetes
Elastic Apm Server
9.8
CVSSv3
CVE-2017-4955
An issue exists in Pivotal PCF Elastic Runtime 1.6.x versions before 1.6.65, 1.7.x versions before 1.7.48, 1.8.x versions before 1.8.28, and 1.9.x versions before 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Pivotal Software Cloud Foundry Elastic Runtime 1.9.2
Pivotal Software Cloud Foundry Elastic Runtime 1.9.1
Pivotal Software Cloud Foundry Elastic Runtime 1.8.27
Pivotal Software Cloud Foundry Elastic Runtime 1.8.26
Pivotal Software Cloud Foundry Elastic Runtime 1.8.12
Pivotal Software Cloud Foundry Elastic Runtime 1.8.11
Pivotal Software Cloud Foundry Elastic Runtime 1.8.10
Pivotal Software Cloud Foundry Elastic Runtime 1.8.9
Pivotal Software Cloud Foundry Elastic Runtime 1.7.42
Pivotal Software Cloud Foundry Elastic Runtime 1.7.41
Pivotal Software Cloud Foundry Elastic Runtime 1.7.40
Pivotal Software Cloud Foundry Elastic Runtime 1.7.39
Pivotal Software Cloud Foundry Elastic Runtime 1.7.26
Pivotal Software Cloud Foundry Elastic Runtime 1.7.25
Pivotal Software Cloud Foundry Elastic Runtime 1.7.24
Pivotal Software Cloud Foundry Elastic Runtime 1.7.23
Pivotal Software Cloud Foundry Elastic Runtime 1.7.22
Pivotal Software Cloud Foundry Elastic Runtime 1.7.9
Pivotal Software Cloud Foundry Elastic Runtime 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.56
9.8
CVSSv3
CVE-2017-2773
An issue exists in Pivotal PCF Elastic Runtime 1.6.x versions before 1.6.60, 1.7.x versions before 1.7.41, 1.8.x versions before 1.8.23, and 1.9.x versions before 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged malicious users to impers...
Pivotal Software Cloud Foundry Elastic Runtime 1.8.17
Pivotal Software Cloud Foundry Elastic Runtime 1.8.15
Pivotal Software Cloud Foundry Elastic Runtime 1.8.10
Pivotal Software Cloud Foundry Elastic Runtime 1.8.8
Pivotal Software Cloud Foundry Elastic Runtime 1.8.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.39
Pivotal Software Cloud Foundry Elastic Runtime 1.7.32
Pivotal Software Cloud Foundry Elastic Runtime 1.7.30
Pivotal Software Cloud Foundry Elastic Runtime 1.7.25
Pivotal Software Cloud Foundry Elastic Runtime 1.7.23
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.14
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.59
Pivotal Software Cloud Foundry Elastic Runtime 1.6.57
Pivotal Software Cloud Foundry Elastic Runtime 1.6.50
Pivotal Software Cloud Foundry Elastic Runtime 1.6.48
Pivotal Software Cloud Foundry Elastic Runtime 1.6.41
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.32
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »