Known Vulnerabilities for products from Elastic
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Elastic".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-23051 | On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver i... | 7.5 - HIGH | 2021-09-14 | 2021-09-14 |
| CVE-2021-22149 | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorizat... | 8.8 - HIGH | 2021-09-15 | 2021-09-25 |
| CVE-2021-22148 | Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the s... | 8.8 - HIGH | 2021-09-15 | 2021-10-18 |
| CVE-2021-22147 | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an au... | 6.5 - MEDIUM | 2021-09-15 | 2021-10-08 |
| CVE-2021-22146 | All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. ... | 7.5 - HIGH | 2021-07-21 | 2021-09-21 |
| CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability t... | 6.5 - MEDIUM | 2021-07-21 | 2021-09-21 |
| CVE-2021-22144 | In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of ser... | 6.5 - MEDIUM | 2021-07-26 | 2021-09-21 |
| CVE-2021-22140 | Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Se... | 7.5 - HIGH | 2021-05-13 | 2021-05-21 |
| CVE-2021-22139 | Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of tim... | 6.5 - MEDIUM | 2021-05-13 | 2021-05-21 |
| CVE-2021-22138 | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring f... | 3.7 - LOW | 2021-05-13 | 2021-06-29 |
| CVE-2021-22137 | In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security... | 5.3 - MEDIUM | 2021-05-13 | 2021-09-07 |
| CVE-2021-22136 | In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idl... | 3.5 - LOW | 2021-05-13 | 2021-05-21 |
| CVE-2021-22135 | Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester a... | 5.3 - MEDIUM | 2021-05-13 | 2021-09-07 |
| CVE-2021-22134 | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Sec... | 4.3 - MEDIUM | 2021-03-08 | 2021-05-05 |
| CVE-2021-22133 | The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details durin... | 2.4 - LOW | 2021-02-10 | 2021-02-16 |
| CVE-2021-22132 | Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an a... | 4.8 - MEDIUM | 2021-01-14 | 2021-02-22 |
| CVE-2020-27816 | The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is pos... | 6.1 - MEDIUM | 2020-12-02 | 2020-12-04 |
| CVE-2020-10743 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it pos... | 4.3 - MEDIUM | 2021-06-02 | 2021-06-10 |
| CVE-2020-7021 | Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_... | 4.9 - MEDIUM | 2021-02-10 | 2021-03-26 |
| CVE-2020-7020 | Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is us... | 3.1 - LOW | 2020-10-22 | 2020-11-23 |
Known software with vulnerabilities from Elastic
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Elastic | Apm Agent | - |
| Application | Elastic | Apm-agent-ruby | - |
| Application | Elastic | Elastic App Search | 7.7.0 |
| Application | Elastic | Elastic Cloud Enterprise | 1.0.0 |
| Application | Elastic | Elastic Cloud On Kubernetes | 1.1.0 |
| Application | Elastic | Elasticsearch | 0.4.0 |
| Application | Elastic | Elasticsearch X-pack | 5.0.0 |
| Application | Elastic | Enterprise Search | - |
| Application | Elastic | Kibana | 0.4.0 |
| Application | Elastic | Kibana Reporting | 2.4.0 |
| Application | Elastic | Kibana X-pack | 5.0.0 |
| Application | Elastic | Logstash | 1.0.0 |
| Application | Elastic | Logstash X-pack | 5.6.0 |
| Application | Elastic | Winlogbeat | 1.1.0 |
| Application | Elastic | X-pack | 5.0.0 |
Trademarks for Elastic obtained from uspto.report
| Mark Image | Details |
|---|---|
"ELASTIC" 86876148 |
ELASTIC
Elastic 2016-01-14 |
Popular searches for "Elastic"
Free and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic
www.elastic.coO KFree and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic Elastic Observability Elastic Security Elastic ELK Stack. Retain and search more data with searchable snapshots on low-cost object stores a new cold data tier in 7.11. There's always budget for free. We deliver the complete Elasticsearch experience with flexible pricing. elastic.co
www.elasticsearch.org/contributor-agreement www.elasticsearch.org elasticsearch.org www.elasticsearch.com www.elasticsearch.org/overview/kibana elasticsearch.com Elasticsearch Kibana Road America Data Observability Stack (abstract data type) Free software Snapshot (computer storage) Web search engine Search algorithm Enterprise search Search engine technology Computer security Pricing Cloud computing Scalability Elastic NV Information technology Customer Apache Hadoop
Elastic Products: Search, Analytics, Logging, and Security | Elastic
www.elastic.co/productsH DElastic Products: Search, Analytics, Logging, and Security | Elastic The Elastic ELK Stack comprised of Elasticsearch, Kibana, Beats, and Logstash is trusted by individual users to Fortune 100 companies alike for logging, APM, security, and more.
www.elastic.co/solutions www.elastic.co/v5 elastic.co/solutions www.elasticsearch.com/products www.elastic.co/v7 bit.ly/ELKStack Elasticsearch Log file Cloud computing Stack (abstract data type) Analytics Road America Computer security Kibana Observability Orchestration (computing) Software deployment Fortune 500 Apache Hadoop Enterprise search Security Search engine technology Web search engine Search algorithm User (computing) Advanced Power Management