Lucene search
Veracode Vulnerability DatabaseVERACODE:30193HistoryApr 28, 2021 - 8:01 a.m.
Man-in-the-middle (MITM)
2021-04-2808:01:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
28.7%
xpack is vulnerable to man-in-the-middle attack. The vulnerability exists because verification of SSL/TLS certificates are not properly done, allowing a man in the middle attack against the Logstash monitoring data.
References
discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125
github.com/elastic/logstash/commit/2926f1e8c610034c1f2e4dfeda1bf4c2d3bbd979
github.com/elastic/logstash/commit/3c0cd07dcd6979538e2b92b9997f2535aa13798e
github.com/elastic/logstash/pull/12749
security.netapp.com/advisory/ntap-20210629-0001/
Related
ibm
ibm
cvelist
cvelist
CVE-2021-22138
2021-05-13 17:35:19
osv
osv
BIT-logstash-2021-22138
2024-03-06 10:55:30
CVE-2021-22138
2021-05-13 18:15:09
prion
prion
Security feature bypass
2021-05-13 18:15:00
redos
redos
ROS-20230928-01
2023-09-28 00:00:00
openvas
openvas
Elastic Logstash Certificate Verification Bypass Vulnerability (ESA-2021-09)
2021-05-14 00:00:00
nvd
nvd
CVE-2021-22138
2021-05-13 18:15:09
cve
cve
CVE-2021-22138
2021-05-13 18:15:09