CVE-2021-22145 in Elastic and Oracle Products
Published on July 21, 2021

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2021-22145 has been classified as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2021-22145

CVE-2021-22145 is associated with Elasticsearch and Oracle Communications Cloud Native Core Automated Test Suite.

Affected Versions

Elasticsearch:

Exploit Probability

EPSS: 67.93%
Percentile: 98.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.