| CVE-2021-22149 |
High |
Yes |
Access restriction bypass |
A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate... |
| CVE-2021-22148 |
High |
Yes |
Access restriction bypass |
A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were not bound to the same engines as their... |
| CVE-2021-22147 |
Medium |
Yes |
Information disclosure |
A flaw was discovered in Elasticsearch versions 7.11.0 to 7.13.4 where document and field level security was not applied to searchable snapshots. This could... |
| CVE-2021-22140 |
Critical |
Yes |
Xml external entity injection |
An XML External Entity Injection issue (XXE) was found in the App Search web crawler beta feature. Using this vector, an attacker whose website is being... |