- How many CVEs does Elastic have?
- Elastic has 261 published CVE records since 2014, including 91 in the last two years.
- How many Elastic CVEs are in CISA KEV?
- Yes — 3 of Elastic's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Elastic products have the most CVEs?
- The Elastic products with the most published CVEs are kibana, elasticsearch, Logstash, Elastic Cloud Enterprise, x-pack.
- What are the most common weakness types in Elastic CVEs?
- Elastic's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-532 (Insertion of Sensitive Information into Log File), CWE-400 (Uncontrolled Resource Consumption), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- Are there public exploits for Elastic vulnerabilities?
- Yes — 12 of Elastic's CVEs have a known public exploit.
- How many critical Elastic vulnerabilities are there?
- Elastic has 22 critical and 85 high-severity CVEs.
- What is the average severity of Elastic CVEs?
- The average CVSS base score across Elastic's scored CVEs is 6.8.