Download
| Alert*
oval:org.secpod.oval:def:24057
Elasticsearch is installed (rpm) oval:org.secpod.oval:def:24053 Elasticsearch is installed (dpkg) oval:org.secpod.oval:def:24055 The host is installed with Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script. Successful exploitation could allow attackers to bypass the sandbox protection mechanism and exe ... oval:org.secpod.oval:def:24056 The host is installed with Elasticsearch before 1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the source parameter to _search. Successful exploitation could allow attackers to execute arbitrary MVEL expressions and Java cod ... oval:org.secpod.oval:def:24059 The host is installed with Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script. Successful exploitation could allow attackers to bypass the sandbox protection mechanism and exe ... oval:org.secpod.oval:def:602068 John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. oval:org.secpod.oval:def:24060 The host is installed with Elasticsearch before 1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the source parameter to _search. Successful exploitation could allow attackers to execute arbitrary MVEL expressions and Java cod ... oval:org.secpod.oval:def:62437 The host is installed with Elasticsearch 6.7.x through 6.8.7 and 7.x through 7.6.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to perform a series of steps ... oval:org.secpod.oval:def:62436 The host is installed with Elasticsearch 6.7.x through 6.8.7 and 7.x through 7.6.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to perform a series of steps ... oval:org.secpod.oval:def:48180 The host is installed with Elasticsearch 6.2.0 before 6.2.3 and is prone to a path traversal vulnerability. A flaw is present in the application, which allows attackers to make use of the SAML Identity Provider to impersonate a legitimate user. On successful exploitation, an attacker might be able t ... oval:org.secpod.oval:def:48181 The host is installed with Elasticsearch 6.2.0 before 6.2.3 and is prone to a path traversal vulnerability. A flaw is present in the application, which allows attackers to make use of the SAML Identity Provider to impersonate a legitimate user. On successful exploitation, an attacker might be able t ... oval:org.secpod.oval:def:76364 The host is installed with Elasticsearch 5.x before 6.8.21, 7.x before 7.16.1 or Logstash 5.x before 6.8.21, 7.x before 7.16.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Log4j library. Successful exploitation could ... oval:org.secpod.oval:def:76363 The host is installed with Elasticsearch 5.x before 6.8.21, 7.x before 7.16.1 or Logstash 5.x before 6.8.21, 7.x before 7.16.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Log4j library. Successful exploitation could ... oval:org.secpod.oval:def:109404 Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with a RESTful web interface and schema-free JSON documents. Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. It is a flexi ... |