Elastic Enterprise Search — known CVE vulnerabilities
Every CVE whose affected-product data names Elastic Enterprise Search, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-7018 — CVSS 8.8 (high): Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the…
CVE-2021-22148 — CVSS 8.8 (high): Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as…
CVE-2021-22149 — CVSS 8.8 (high): Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an…
CVE-2021-37940 — CVSS 6.8 (medium): An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github…
CVE-2023-49923 — CVSS 6.8 (medium): An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level…