Elastic Elastic_cloud_enterprise
9 CVEs affecting Elastic Elastic_cloud_enterprise. Latest disclosed: 2025-11-07. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-37729 | Critical | 9.1 | 2025-10-13 | Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltr… |
| CVE-2025-37736 | High | 8.8 | 2025-11-07 | Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed… |
| CVE-2024-37282 | High | 8.1 | 2024-06-28 | It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to cr… |
| CVE-2023-31418 | High | 7.5 | 2023-10-26 | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to e… |
| CVE-2018-3828 | High | 7.5 | 2018-09-19 | Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would… |
| CVE-2022-23715 | Medium | 6.5 | 2022-08-25 | A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings… |
| CVE-2018-3825 | Medium | 5.9 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch… |
| CVE-2022-23716 | Medium | 5.3 | 2022-09-28 | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in t… |
| CVE-2018-3829 | Medium | 5.3 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An… |