Elastic Elasticsearch 6.8.15

CPE Details

Elastic Elasticsearch 6.8.15
elastic
elasticsearch
6.8.15
2021-05-19
20h18 +00:00
2021-05-24
17h55 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:elastic:elasticsearch:6.8.15:*:*:*:*:*:*:*

Informations

Vendor

elastic

Product

elasticsearch

Version

6.8.15

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-46674 2023-12-05 17h21 +00:00 An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
7.8
High
CVE-2023-31418 2023-10-26 17h36 +00:00 An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
7.5
High
CVE-2021-22144 2021-07-26 09h48 +00:00 In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.