Known Vulnerabilities for products from Elastic

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Elastic".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-23051 On BIG-IP versions through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver i... 7.5 - HIGH 2021-09-14 2021-09-14
CVE-2021-22149 Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorizat... 8.8 - HIGH 2021-09-15 2021-09-25
CVE-2021-22148 Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the s... 8.8 - HIGH 2021-09-15 2021-10-18
CVE-2021-22147 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an au... 6.5 - MEDIUM 2021-09-15 2021-10-08
CVE-2021-22146 All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. ... 7.5 - HIGH 2021-07-21 2021-09-21
CVE-2021-22145 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability t... 6.5 - MEDIUM 2021-07-21 2021-09-21
CVE-2021-22144 In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of ser... 6.5 - MEDIUM 2021-07-26 2021-09-21
CVE-2021-22140 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Se... 7.5 - HIGH 2021-05-13 2021-05-21
CVE-2021-22139 Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of tim... 6.5 - MEDIUM 2021-05-13 2021-05-21
CVE-2021-22138 In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring f... 3.7 - LOW 2021-05-13 2021-06-29
CVE-2021-22137 In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security... 5.3 - MEDIUM 2021-05-13 2021-09-07
CVE-2021-22136 In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the 3.5 - LOW 2021-05-13 2021-05-21
CVE-2021-22135 Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester a... 5.3 - MEDIUM 2021-05-13 2021-09-07
CVE-2021-22134 A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Sec... 4.3 - MEDIUM 2021-03-08 2021-05-05
CVE-2021-22133 The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details durin... 2.4 - LOW 2021-02-10 2021-02-16
CVE-2021-22132 Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an a... 4.8 - MEDIUM 2021-01-14 2021-02-22
CVE-2020-27816 The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is pos... 6.1 - MEDIUM 2020-12-02 2020-12-04
CVE-2020-10743 It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it pos... 4.3 - MEDIUM 2021-06-02 2021-06-10
CVE-2020-7021 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_... 4.9 - MEDIUM 2021-02-10 2021-03-26
CVE-2020-7020 Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is us... 3.1 - LOW 2020-10-22 2020-11-23

Known software with vulnerabilities from Elastic

Type Vendor Product Version
ApplicationElasticApm Agent-
ApplicationElasticElastic App Search7.7.0
ApplicationElasticElastic Cloud Enterprise1.0.0
ApplicationElasticElastic Cloud On Kubernetes1.1.0
ApplicationElasticElasticsearch X-pack5.0.0
ApplicationElasticEnterprise Search-
ApplicationElasticKibana Reporting2.4.0
ApplicationElasticKibana X-pack5.0.0
ApplicationElasticLogstash X-pack5.6.0
Trademarks for Elastic obtained from
Mark Image Details

Popular searches for "Elastic"

Free and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic

O KFree and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic Elastic Observability Elastic Security Elastic ELK Stack. Retain and search more data with searchable snapshots on low-cost object stores a new cold data tier in 7.11. There's always budget for free. We deliver the complete Elasticsearch experience with flexible pricing. Elasticsearch Kibana Road America Data Observability Stack (abstract data type) Free software Snapshot (computer storage) Web search engine Search algorithm Enterprise search Search engine technology Computer security Pricing Cloud computing Scalability Elastic NV Information technology Customer Apache Hadoop

Elastic Products: Search, Analytics, Logging, and Security | Elastic

H DElastic Products: Search, Analytics, Logging, and Security | Elastic The Elastic ELK Stack comprised of Elasticsearch, Kibana, Beats, and Logstash is trusted by individual users to Fortune 100 companies alike for logging, APM, security, and more. Elasticsearch Log file Cloud computing Stack (abstract data type) Analytics Road America Computer security Kibana Observability Orchestration (computing) Software deployment Fortune 500 Apache Hadoop Enterprise search Security Search engine technology Web search engine Search algorithm User (computing) Advanced Power Management