CPE-5E9EB530-A6F0-4DFC-BAE7-B7E8046EAF01 Detail

CPE Details

Elastic Search Elastic Cloud Enterprise 1.0.1

Vendor

elastic

Product

elastic_cloud_enterprise

Version

1.0.1

Created

2019-09-26
13h40 +00:00

Modified

2019-09-26
13h40 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:elastic:elastic_cloud_enterprise:1.0.1:::::::*

Informations

Vendor

elastic

Product

elastic_cloud_enterprise

Version

1.0.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-31418	2023-10-26 17h36 +00:00	An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.	7.5	High
CVE-2022-23716	2022-09-28 17h34 +00:00	A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.	5.3	Medium
CVE-2022-23715	2022-08-25 15h25 +00:00	A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore	6.5	Medium
CVE-2018-3825	2018-09-19 17h00 +00:00	In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.	5.9	Medium
CVE-2018-3828	2018-09-19 17h00 +00:00	Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.	7.5	High
CVE-2018-3829	2018-09-19 17h00 +00:00	In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.	5.3	Medium

Elastic Search Elastic Cloud Enterprise 1.0.1

CPE Details

CPE Name: cpe:2.3:a:elastic:elastic_cloud_enterprise:1.0.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:elastic:elastic_cloud_enterprise:1.0.1:::::::*