CVE-2021-22149 in Enterprise Search Appinformation

Résumé

par MITRE • 15/09/2021

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Réserver

04/01/2021

Divulgation

15/09/2021

Modérer

accepté

Entrée

VDB-182720

CPE

prêt

EPSS

0.00954

KEV

non

Activités

très faible

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!