Lucene search
K

71 matches found

RedhatCVE
RedhatCVE
added 2025/11/08 10:57 p.m.6 views

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS6.8AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/08 12:31 a.m.6 views

EUVD-2025-38342

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS6.3AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2025/11/07 11:15 p.m.4 views

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 11:15 p.m.6 views

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 10:8 p.m.6 views

CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS6.4AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/07 10:8 p.m.12 views

CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2025/11/07 10:8 p.m.52 views

CVE-2025-37736

Summary: CVE-2025-37736 is an Improper Authorization flaw in Elastic Cloud Enterprise (ECE) that can enable privilege escalation where a built-in readonly user may call APIs that should be disallowed. Affected endpoints (examples): /platform/configuration/security/service-accounts (POST/DELETE/…)...

8.8CVSS6.4AI score0.00324EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.6 views

Elastic Cloud Enterprise 安全漏洞

Elastic Cloud Enterprise is a cloud platform from the Dutch company Elastic. It makes it easy to deploy, operate and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise that stems from improper authorization and could lead to elevated privileges...

8.8CVSS6.4AI score0.00324EPSS
Exploits0References2
Elastic
Elastic
added 2025/10/31 5:36 p.m.16 views

Elastic Cloud Enterprise (ECE) 3.8.3 and 4.0.3 Security Update (ESA-2025-22)

Elastic Cloud Enterprise Improper Authorizatio n ESA-2025-22 Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:...

8.8CVSS7AI score0.00324EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44756

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...

9CVSS6.7AI score0.00324EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/14 1:51 p.m.7 views

CVE-2025-37729

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS6.7AI score0.00565EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 3:31 p.m.7 views

EUVD-2025-34069

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS6.2AI score0.00565EPSS
Exploits0References2
NVD
NVD
added 2025/10/13 2:15 p.m.4 views

CVE-2025-37729

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS0.00565EPSS
Exploits0References1
OSV
OSV
added 2025/10/13 2:15 p.m.5 views

CVE-2025-37729

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

7.2CVSS5.8AI score0.00565EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 1:47 p.m.23 views

CVE-2025-37729

Elastic Cloud Enterprise (ECE) is affected by CVE-2025-37729 due to improper neutralization of Jinjava template elements. The issue allows a user with Admin access to exfiltrate sensitive information and issue commands through a specially crafted string that causes Jinjava variables to be evaluat...

9.1CVSS6.3AI score0.00565EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/13 1:47 p.m.3 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS6.3AI score0.00565EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/13 1:47 p.m.10 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS0.00565EPSS
Exploits0References1
Elastic
Elastic
added 2025/10/13 1:44 p.m.10 views

Elastic Cloud Enterprise (ECE) 3.8.2 and 4.0.2 Security Update (ESA-2025-21)

Elastic Cloud Enterprise ECE Improper Neutralization of Special Elements Used in a Template Engine ESA-2025-21 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information a...

9.1CVSS6.9AI score0.00565EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.5 views

Elastic Cloud Enterprise 安全漏洞

Elastic Cloud Enterprise is a cloud platform from the Dutch company Elastic. It makes it easy to deploy, operate and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise that stems from improper neutralization of special elements in the template engine,...

9.1CVSS6.7AI score0.00565EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.6 views

PT-2025-41785

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise versions 2.5.0 through 3.8.1 Elastic Cloud Enterprise version 4.0.0 through 4.0.1 Description An issue exists in Elastic Cloud Enterprise ECE related to the improper handling of special elements within its template...

9.1CVSS7.9AI score0.00565EPSS
Exploits0References21
Rows per page
Query Builder