Elastic Elastic Cloud Enterprise — known CVE vulnerabilities
Every CVE whose affected-product data names Elastic Elastic Cloud Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-37729 — CVSS 9.1 (critical): Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with…
CVE-2025-37736 — CVSS 8.8 (high): Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that…
CVE-2024-37282 — CVSS 8.1 (high): It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be…
CVE-2018-3828 — CVSS 7.5 (high): Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain…
CVE-2023-31418 — CVSS 7.5 (high): An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an…
CVE-2022-23715 — CVSS 6.5 (medium): A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and…
CVE-2018-3825 — CVSS 5.9 (medium): In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper…
CVE-2022-23716 — CVSS 5.3 (medium): A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in…
CVE-2018-3829 — CVSS 5.3 (medium): In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an…