HomePentest-Tools.com Logo

Elastic Elasticsearch Multiple Vulnerabilities (ESA-2021-06, ESA-2021-08) CVE-2021-22135CVE-2021-22137

Severity
CVSSv3 Score
5.3
Vulnerability description

Elasticsearch is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2021-22135: Suggester & Profile API information disclosure flaw - CVE-2021-22137: Field disclosure flaw This could lead to disclosing the existence of documents and fields the attacker should not be able to view or result in an attacker gaining additional insight into potentially sensitive indices.

Recommendation

Update to version 6.8.15, 7.12.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 13, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available