3 matches found
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22138)
Summary There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability CVE-2021-22138. Vulnerability Details CVEID: CVE-2021-22138 DESCRIPTION:...
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22138)
Summary There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability CVE-2021-22138. Vulnerability Details CVEID: CVE-2021-22138 DESCRIPTION:...
CVE-2021-22138
CVE-2021-22138 : Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 contain a TLS certificate validation flaw in the monitoring feature. When a trusted server CA certificate is specified, Logstash may fail to properly verify the monitoring server’s certificate, enabling a possible man-in-...