6 matches found
Security Bulletin: Multiple security vulnerabilities have been identified in Elasticsearch shipped with IBM Tivoli Netcool Impact
Summary Elasticsearch is shipped with IBM Tivoli Netcool Impact, Information about multiple security vulnerabilities affecting elasticsearch has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote...
ch.squaredesk.nova:metrics-elastic (>=4.0.0-beta-1 <=7.0.2), co.luminositylabs.oss.ica.migration:elasticsearch-loader (=0.2.0) +137 more potentially affected by CVE-2018-3824 via org.elasticsearch:elasticsearch (>=6.0.0 <=6.2.3)
org.elasticsearch:elasticsearch MAVEN version =6.0.0, =4.0.0-beta-1, =6.0.0, =6.1.1.0, =0.1.0-RC9, =5.0.3.9.6, =1.0, =1.2.0-2-ES6.0.0, =1.27.0, =0.217, =0.219, =6.0-7.beta1, =6.0-21.1 and more Source cves: CVE-2018-3824 Source advisory: OSV:GHSA-MJPC-QX7H-R8C9...
ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +1399 more potentially affected by CVE-2018-3824 via org.elasticsearch:elasticsearch (>=0.6.0 <=5.6.8)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =0.3.0, =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.4.0 and more Source cves: CVE-2018-3824 Source advisory: OSV:GHSA-MJPC-QX7H-R8C9...
Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation
Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...
CVE-2018-3824
CVE-2018-3824 affects Elastic X-Pack Machine Learning in Elasticsearch/Kibana prior to 6.2.4 and 5.6.9. An attacker who can inject data into an index with a running ML job can cause a cross-site scripting (XSS) payload to execute when a user views ML results, potentially exposing cookies or allow...
Elastic Stack 6.2.4 and 5.6.9 security update
X-Pack Machine Learning XSS vulnerability ESA-2018-06 X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. Users with manageml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to...