Skip to main content

Elastic

Vendor security scorecard – 321 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 971
321
CVEs
25
Critical
101
High
3
KEV
20
PoC
71
Unpatched C/H
42.4%
Patch Rate
3.3%
Avg EPSS

Severity Breakdown

CRITICAL
25
HIGH
101
MEDIUM
184
LOW
10

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2015-1427 The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. CRITICAL 9.8 92.3% 226
KEV PoC
CVE-2014-3120 The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. HIGH 8.1 82.6% 208
KEV PoC
CVE-2017-12629 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%. CRITICAL 9.8 93.9% 163
PoC
CVE-2015-5531 Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%. MEDIUM 5.0 92.0% 137
PoC
CVE-2015-3337 Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.1%. MEDIUM 4.3 91.1% 133
PoC
CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 10.0 95.3% 85
KEV PoC No patch
CVE-2020-7012 Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. HIGH 8.8 18.2% 79
PoC No patch
CVE-2018-17246 Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.8 82.3% 69
PoC No patch
CVE-2021-32743 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.8 1.8% 64
PoC No patch
CVE-2022-31115 opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. HIGH 8.8 1.5% 64
PoC
CVE-2023-43116 A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 0.3% 59
PoC
CVE-2021-22146 All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 27.8% 58
PoC No patch
CVE-2023-43741 A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available. HIGH 7.0 0.2% 55
PoC
CVE-2017-6683 A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. HIGH 8.8 9.5% 53
No patch
CVE-2021-22145 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available. MEDIUM 6.5 76.2% 52
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy