Known Vulnerabilities for Enterprise Search by Elastic
Listed below are 4 of the newest known vulnerabilities associated with "Enterprise Search" by "Elastic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-37940 | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search ... | 6.8 - MEDIUM | 2021-12-07 | 2021-12-09 |
| CVE-2021-22149 | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorizat... | 8.8 - HIGH | 2021-09-15 | 2022-10-25 |
| CVE-2021-22148 | Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the s... | 8.8 - HIGH | 2021-09-15 | 2021-10-18 |
| CVE-2020-7018 | Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the... | 8.8 - HIGH | 2020-08-18 | 2020-08-26 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Elastic | Enterprise Search | 7.9.0 | All | All | All |
| Application | Elastic | Enterprise Search | 7.8.1 | All | All | All |
| Application | Elastic | Enterprise Search | 7.8.0 | All | All | All |
| Application | Elastic | Enterprise Search | 7.7.1 | All | All | All |
| Application | Elastic | Enterprise Search | 7.7.0 | All | All | All |
| Application | Elastic | Enterprise Search | - | All | All | All |