What is the elastic CNA?
elastic is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 209 CVE records since 2017.
How many CVEs has elastic published?
elastic has published 209 CVE records, including 73 in the last two years.
What is elastic's CVE data quality grade?
RadicalNotion.AI grades elastic's CVE data quality as B, with an overall completeness score of 85.8%. This reflects how consistently its CVE records include vendor (98.6%), product (98.6%), CVSS (47.4%), and CWE (98.6%) information.
What products does elastic publish CVEs for?
elastic most frequently publishes CVEs for Kibana, Elasticsearch, org.elasticsearch:elasticsearch, elk, x-pack.
Which vendors does elastic cover?
elastic publishes CVEs across 1 distinct vendors, most often Elastic, Bitnami, org.elasticsearch, elasticsearch, oracle.
Is elastic actively publishing CVEs?
elastic is currently active, based on 73 CVEs in the last two years.
What is the average severity of elastic's CVEs?
The average CVSS base score across elastic's scored CVEs is 6.4.
How many critical CVEs has elastic published?
elastic has published 10 critical-severity CVEs and 29 high-severity CVEs.
Are any of elastic's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 1 of elastic's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in elastic's CVEs?
elastic's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-532 (Insertion of Sensitive Information into Log File), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-400 (Uncontrolled Resource Consumption).
How does elastic rank among CNAs?
By total CVE volume, elastic ranks #83 of 370 CNAs, and it reports more complete CVE records than 33% of all CNAs.
