Elastic Beats vulnerabilities
2 known vulnerabilities affecting elastic/elastic_beats.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-49922MEDIUMCVSS 6.5≥ 7.0.0, < 7.17.16≥ 8.0.0, < 8.11.32023-12-12
CVE-2023-49922 [MEDIUM] CWE-532 CVE-2023-49922: An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of s
nvd
CVE-2023-31421HIGHCVSS 7.5≥ 8.0.0, ≤ 8.9.22023-10-26
CVE-2023-31421 [HIGH] CWE-295 CVE-2023-31421: It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Serve
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it doe
nvd