CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

Design/Logic Flaw

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

Elasticsearch 信息泄露漏洞

Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch There is an information disclosure vulnerability that can be exploited...

Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...

CVE-2020-26175

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...

Profile API CreateEnvBlock Local Information Disclosure

The exported function CreateEnvBlock from profapi.dll which is used by the CreateEnvironmentBlock API function has an information disclosure vulnerability when building the environment block for a user which can be locally exploited to disclose heap memory of a process calling the API. For exampl...