Known Vulnerabilities for Enterprise Search by Elastic

Listed below are 4 of the newest known vulnerabilities associated with "Enterprise Search" by "Elastic".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-34260 json SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to ... Not Provided 2026-05-12 2026-05-12
CVE-2026-22019 json Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). T... Not Provided 2026-04-21 2026-04-22
CVE-2026-9152 json A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index op... Not Provided 2026-05-21 2026-05-21
CVE-2021-47974 json VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services ... Not Provided 2026-05-16 2026-05-18
CVE-2021-37940 json An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search ... 6.8 - MEDIUM 2021-12-07 2021-12-09
CVE-2021-22149 json Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorizat... 8.8 - HIGH 2021-09-15 2022-10-25
CVE-2021-22148 json Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the s... 8.8 - HIGH 2021-09-15 2021-10-18
CVE-2020-28209 json A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.... 8.8 - HIGH 2020-11-19 2026-05-28
CVE-2020-7018 json Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the... 8.8 - HIGH 2020-08-18 2020-08-26
CVE-2013-1609 json Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec... 8.8 - HIGH 2013-03-26 2026-05-22
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationElasticEnterprise Search7.9.0
ApplicationElasticEnterprise Search7.8.1
ApplicationElasticEnterprise Search7.8.0
ApplicationElasticEnterprise Search7.7.1
ApplicationElasticEnterprise Search7.7.0
ApplicationElasticEnterprise Search-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report