79 matches found
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
Design/Logic Flaw
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2022-23716
The CVE-2022-23716 entry pertains to Elastic Cloud Enterprise (ECE) before 3.1.1, where the SAML signing private key used for RBAC could be disclosed via deployment logs in the Logging and Monitoring cluster. Connected sources confirm affected product/version and the root cause (private key expos...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
PT-2022-16225 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.1.1 Description: A flaw was discovered that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Recommendations: For versio...
CVE-2022-23715
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...
Design/Logic Flaw
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...
CVE-2022-23715
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...
CVE-2022-23715
CVE-2022-23715 affects Elastic Cloud Enterprise (ECE) prior to 3.4.0. A flaw in the Logging and Monitoring cluster may cause disclosure of sensitive information (e.g., user passwords and Elasticsearch keystore values) in logs. The vulnerable endpoints are PATCH /api/v1/user and PATCH /deployments...
PT-2022-16224 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...
CVE-2022-20802 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
A vulnerability in the web interface of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by...
CVE-2022-20802
The CVE-2022-20802 vulnerability affects Cisco Enterprise Chat and Email (ECE) Web Interface. A cross-site scripting (XSS) flaw arises from insufficient validation of user-supplied input processed by the web interface, enabling an authenticated, remote attacker with agent credentials to potential...
PT-2022-1428 · Cisco · Cisco Ece
Name of the Vulnerable Software and Affected Versions: Cisco ECE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the...
courses.ece.cmu.edu Cross Site Scripting vulnerability OBB-2158216
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Elasticsearch ECE 7.13.3信息泄露漏洞(CVE-2021-22146)
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Elasticsearch ECE 7.13.3 Database Disclosure
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Exploit for CVE-2021-22146
cve-2021-22146 I found during a internal pentest...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email ECE Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...