321
CVEs
25
Critical
101
High
3
KEV
20
PoC
71
Unpatched C/H
42.4%
Patch Rate
3.3%
Avg EPSS
Severity Breakdown
CRITICAL
25
HIGH
101
MEDIUM
184
LOW
10
Monthly CVE Trend
Affected Products (30)
Kibana
73
Elasticsearch
44
Cloud Foundry Elastic Runtime
23
Elastic Services Controller
19
Cloud Foundry Uaa
11
Java
10
Open Redirect
9
Peoplesoft Enterprise Peopletools
9
Cf Release
8
Python
8
Redis
8
Cloud Foundry
7
Elastic Storage Server
6
Cloud Foundry Uaa Bosh
6
Elastic Cloud Enterprise
6
Cloud Foundry Ops Manager
5
Elastic Agent
5
Openshift Container Platform
5
Opensearch
5
Communications Cloud Native Core Automated Test Suite
4
Kubernetes
4
Docker
4
Enterprise Search
4
Logstash
4
Mattermost
3
X Pack
3
Prototype Pollution
3
PHP
3
Tomcat
3
Endpoint Security
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 92.3% | 226 |
KEV
PoC
|
| CVE-2014-3120 | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.1 | 82.6% | 208 |
KEV
PoC
|
| CVE-2017-12629 | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%. | CRITICAL | 9.8 | 93.9% | 163 |
PoC
|
| CVE-2015-5531 | Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%. | MEDIUM | 5.0 | 92.0% | 137 |
PoC
|
| CVE-2015-3337 | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.1%. | MEDIUM | 4.3 | 91.1% | 133 |
PoC
|
| CVE-2019-7609 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 10.0 | 95.3% | 85 |
KEV
PoC
No patch
|
| CVE-2020-7012 | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 18.2% | 79 |
PoC
No patch
|
| CVE-2018-17246 | Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 82.3% | 69 |
PoC
No patch
|
| CVE-2021-32743 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 1.8% | 64 |
PoC
No patch
|
| CVE-2022-31115 | opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | HIGH | 8.8 | 1.5% | 64 |
PoC
|
| CVE-2023-43116 | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.3% | 59 |
PoC
|
| CVE-2021-22146 | All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 27.8% | 58 |
PoC
No patch
|
| CVE-2023-43741 | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available. | HIGH | 7.0 | 0.2% | 55 |
PoC
|
| CVE-2017-6683 | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 9.5% | 53 |
No patch
|
| CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available. | MEDIUM | 6.5 | 76.2% | 52 |
PoC
|