Information disclosure vulnerability in Elasticsearch and Logstash - CVE-2021-45046 (dpkg)ID: oval:org.secpod.oval:def:76499 | Date: (C)2021-12-20 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch 5.x before 6.8.21, 7.x before 7.16.1 or Logstash 5.x before 6.8.21, 7.x before 7.16.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Log4j library. Successful exploitation could allow attackers to cause information leakage or denial of service.
Product: |
elasticsearch |
Logstash |