CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 4CVE-2021-22146 – Elasticsearch ECE 7.13.3 - Anonymous Database Dump
https://notcve.org/view.php?id=CVE-2021-22146
21 Jul 2021 — All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster. Todas las versiones de Elastic Cloud Enterprise presentan el usuario "anonymous" de Elasticsearch habilitado por defecto en los clusters desplegados. Mientras... • https://packetstorm.news/files/id/163655 •
CVSS: 6.5EPSS: 58%CPEs: 2EXPL: 5CVE-2021-22145 – ElasticSearch 7.13.3 - Memory disclosure
https://notcve.org/view.php?id=CVE-2021-22145
21 Jul 2021 — A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. Se ha identificado una vulnerabilidad de divulgación de memoria en los informes de errores de Elasticsea... • https://packetstorm.news/files/id/181017 • CWE-209: Generation of Error Message Containing Sensitive Information •