Elastic Elastic_cloud_enterprise

9 CVEs affecting Elastic Elastic_cloud_enterprise. Latest disclosed: 2025-11-07. Critical: 1, High: 4.

Top CVEs affecting Elastic Elastic_cloud_enterprise
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-37729 | Critical | 9.1 | 2025-10-13 | Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltr… |
| CVE-2025-37736 | High | 8.8 | 2025-11-07 | Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed… |
| CVE-2024-37282 | High | 8.1 | 2024-06-28 | It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to cr… |
| CVE-2023-31418 | High | 7.5 | 2023-10-26 | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to e… |
| CVE-2018-3828 | High | 7.5 | 2018-09-19 | Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would… |
| CVE-2022-23715 | Medium | 6.5 | 2022-08-25 | A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings… |
| CVE-2018-3825 | Medium | 5.9 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch… |
| CVE-2022-23716 | Medium | 5.3 | 2022-09-28 | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in t… |
| CVE-2018-3829 | Medium | 5.3 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An… |