Known Vulnerabilities for products from Elastic

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Elastic".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-34844 In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Dev... 7.5 - HIGH 2022-08-04 2022-08-04
CVE-2022-23714 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.8 - HIGH 2022-07-06 2022-07-14
CVE-2022-23713 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 6.1 - MEDIUM 2022-07-06 2022-07-14
CVE-2022-23712 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2022-06-06 2022-07-07
CVE-2022-23711 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.3 - MEDIUM 2022-04-21 2022-05-03
CVE-2022-23710 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 6.1 - MEDIUM 2022-03-03 2022-04-18
CVE-2022-23709 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 4.3 - MEDIUM 2022-03-03 2022-03-16
CVE-2022-23708 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 4.3 - MEDIUM 2022-03-03 2022-07-29
CVE-2022-23707 An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to ... 5.4 - MEDIUM 2022-02-11 2022-02-22
CVE-2021-37941 A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious fil... 7.8 - HIGH 2021-12-08 2021-12-14
CVE-2021-37940 An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search ... 6.8 - MEDIUM 2021-12-07 2021-12-09
CVE-2021-37939 It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on inte... 2.7 - LOW 2021-11-18 2021-11-23
CVE-2021-37938 It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would... 4.3 - MEDIUM 2021-11-18 2021-11-23
CVE-2021-22149 Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorizat... 8.8 - HIGH 2021-09-15 2021-09-25
CVE-2021-22148 Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the s... 8.8 - HIGH 2021-09-15 2021-10-18
CVE-2021-22147 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an au... 6.5 - MEDIUM 2021-09-15 2022-01-18
CVE-2021-22146 All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. ... 7.5 - HIGH 2021-07-21 2022-07-12
CVE-2021-22145 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability t... 6.5 - MEDIUM 2021-07-21 2022-05-10
CVE-2021-22144 In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of ser... 6.5 - MEDIUM 2021-07-26 2022-05-10
CVE-2021-22140 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Se... 7.5 - HIGH 2021-05-13 2021-05-21

Known software with vulnerabilities from Elastic

Type Vendor Product Version
ApplicationElasticApm Agent-
ApplicationElasticApm-agent-ruby-
ApplicationElasticElastic App Search7.7.0
ApplicationElasticElastic Cloud Enterprise1.0.0
ApplicationElasticElastic Cloud On Kubernetes1.1.0
ApplicationElasticElasticsearch0.4.0
ApplicationElasticElasticsearch X-pack5.0.0
ApplicationElasticEnterprise Search-
ApplicationElasticKibana0.4.0
ApplicationElasticKibana Reporting2.4.0
ApplicationElasticKibana X-pack5.0.0
ApplicationElasticLogstash1.0.0
ApplicationElasticLogstash X-pack5.6.0
ApplicationElasticWinlogbeat1.1.0
ApplicationElasticX-pack5.0.0
Trademarks for Elastic obtained from uspto.report
Mark Image Details
ELASTIC
"ELASTIC"
86876148
ELASTIC
Elastic
2016-01-14

Popular searches for "Elastic"

Free and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic

www.elastic.co

O KFree and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic Elastic Observability Elastic Security Elastic ELK Stack. Retain and search more data with searchable snapshots on low-cost object stores a new cold data tier in 7.11. There's always budget for free. We deliver the complete Elasticsearch experience with flexible pricing. elastic.co

www.elasticsearch.org/contributor-agreement www.elasticsearch.org elasticsearch.org www.elasticsearch.com www.elasticsearch.org/overview/kibana elasticsearch.com Elasticsearch Kibana Road America Data Observability Stack (abstract data type) Free software Snapshot (computer storage) Web search engine Search algorithm Enterprise search Search engine technology Computer security Pricing Cloud computing Scalability Elastic NV Information technology Customer Apache Hadoop

Elastic Products: Search, Analytics, Logging, and Security | Elastic

www.elastic.co/products

H DElastic Products: Search, Analytics, Logging, and Security | Elastic The Elastic ELK Stack comprised of Elasticsearch, Kibana, Beats, and Logstash is trusted by individual users to Fortune 100 companies alike for logging, APM, security, and more.

www.elastic.co/solutions www.elastic.co/v5 elastic.co/solutions www.elasticsearch.com/products www.elastic.co/v7 bit.ly/ELKStack Elasticsearch Log file Cloud computing Stack (abstract data type) Analytics Road America Computer security Kibana Observability Orchestration (computing) Software deployment Fortune 500 Apache Hadoop Enterprise search Security Search engine technology Web search engine Search algorithm User (computing) Advanced Power Management