Skip to main content

Elastic Cloud Enterprise

8 CVEs product

Monthly

CVE-2025-37736 HIGH This Month

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Privilege Escalation Elastic Cloud Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-37282 CRITICAL Act Now

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31418 Maven HIGH PATCH This Week

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch Elastic Cloud Enterprise
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-23716 MEDIUM This Month

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23715 MEDIUM This Month

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Elastic Cloud Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2018-3829 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-3828 HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-3825 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.6%
EPSS 0% CVSS 8.8
HIGH This Month

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Privilege Escalation +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy