Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2018/12/07 12:0 a.m.121 views

Elasticsearch ESA-2015-06

Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid119499; scriptversion"1.2"; scriptcvsdate"Date: 2019/11/01"; scriptcveid"CVE-2015-5377";...

9.8CVSS8.8AI score0.14863EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.27 views

Security Bulletin: Multiple security vulnerabilities in Elasticsearch might affect Process Federation Server in IBM Business Process Manager (BPM) - CVE-2015-5531, CVE-2015-5377

Summary IBM Process Federation Server is an optional component that is shipped with IBM Business Process Manager BPM V8.5.6.0. It allows the collection of task information of existing IBM Business Process Manager environments to provide a federated task list. IBM Process Federation Server uses th...

9.8CVSS0.3AI score0.9175EPSS
Exploits9Affected Software3
Prion
Prion
added 2018/03/06 8:29 p.m.24 views

Design/Logic Flaw

DISPUTED Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability...

7.5CVSS8.1AI score0.42983EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2018/03/06 8:0 p.m.173 views

CVE-2015-5377

Technical details for CVE-2015-5377 are not publicly available in the provided documents. Monitor for updates; the connected sources here do not disclose affected products/versions, root cause, or fixes specific to this CVE.

9.8CVSS9.6AI score0.14863EPSS
Exploits2References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/11 12:0 a.m.393 views

Elasticsearch Transport Protocol Unspecified Remote Code Execution

Elasticsearch could allow a remote attacker to execute arbitrary code on the system, caused by an error in the transport protocol. An attacker could exploit this vulnerability to execute arbitrary code on the system. C Tenable Network Security, Inc. include"compat.inc"; if description...

9.8CVSS8.7AI score0.14863EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2016/06/23 12:0 a.m.47 views

Elasticsearch < 1.6.1 Multiple Vulnerabilities - Windows

Elasticsearch is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch";...

9.8CVSS10AI score0.9175EPSS
Exploits9References3
securityvulns
securityvulns
added 2015/07/20 12:0 a.m.575 views

Elasticsearch CVE-2015-5377

Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...

7.5CVSS2.7AI score0.42983EPSS
Exploits5
Rows per page
Query Builder