CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22138

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.0%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

Products affected by CVE-2021-22138

Elastic » Logstash » Version: 6.4.0

cpe:2.3:a:elastic:logstash:6.4.0
Elastic » Logstash » Version: 6.4.1

cpe:2.3:a:elastic:logstash:6.4.1
Elastic » Logstash » Version: 6.4.2

cpe:2.3:a:elastic:logstash:6.4.2
Elastic » Logstash » Version: 6.4.3

cpe:2.3:a:elastic:logstash:6.4.3
Elastic » Logstash » Version: 6.5.0

cpe:2.3:a:elastic:logstash:6.5.0
Elastic » Logstash » Version: 6.5.1

cpe:2.3:a:elastic:logstash:6.5.1
Elastic » Logstash » Version: 6.5.2

cpe:2.3:a:elastic:logstash:6.5.2
Elastic » Logstash » Version: 6.5.3

cpe:2.3:a:elastic:logstash:6.5.3
Elastic » Logstash » Version: 6.5.4

cpe:2.3:a:elastic:logstash:6.5.4
Elastic » Logstash » Version: 6.6.0

cpe:2.3:a:elastic:logstash:6.6.0
Elastic » Logstash » Version: 6.6.1

cpe:2.3:a:elastic:logstash:6.6.1
Elastic » Logstash » Version: 6.6.2

cpe:2.3:a:elastic:logstash:6.6.2
Elastic » Logstash » Version: 6.7.0

cpe:2.3:a:elastic:logstash:6.7.0
Elastic » Logstash » Version: 6.7.1

cpe:2.3:a:elastic:logstash:6.7.1
Elastic » Logstash » Version: 6.7.2

cpe:2.3:a:elastic:logstash:6.7.2
Elastic » Logstash » Version: 6.8.0

cpe:2.3:a:elastic:logstash:6.8.0
Elastic » Logstash » Version: 6.8.1

cpe:2.3:a:elastic:logstash:6.8.1
Elastic » Logstash » Version: 6.8.10

cpe:2.3:a:elastic:logstash:6.8.10
Elastic » Logstash » Version: 6.8.11

cpe:2.3:a:elastic:logstash:6.8.11
Elastic » Logstash » Version: 6.8.12

cpe:2.3:a:elastic:logstash:6.8.12
Elastic » Logstash » Version: 6.8.13

cpe:2.3:a:elastic:logstash:6.8.13
Elastic » Logstash » Version: 6.8.14

cpe:2.3:a:elastic:logstash:6.8.14
Elastic » Logstash » Version: 6.8.2

cpe:2.3:a:elastic:logstash:6.8.2
Elastic » Logstash » Version: 6.8.3

cpe:2.3:a:elastic:logstash:6.8.3
Elastic » Logstash » Version: 6.8.4

cpe:2.3:a:elastic:logstash:6.8.4
Elastic » Logstash » Version: 6.8.5

cpe:2.3:a:elastic:logstash:6.8.5
Elastic » Logstash » Version: 6.8.6

cpe:2.3:a:elastic:logstash:6.8.6
Elastic » Logstash » Version: 6.8.7

cpe:2.3:a:elastic:logstash:6.8.7
Elastic » Logstash » Version: 6.8.8

cpe:2.3:a:elastic:logstash:6.8.8
Elastic » Logstash » Version: 6.8.9

cpe:2.3:a:elastic:logstash:6.8.9
Elastic » Logstash » Version: 7.0.0

cpe:2.3:a:elastic:logstash:7.0.0
Elastic » Logstash » Version: 7.0.1

cpe:2.3:a:elastic:logstash:7.0.1
Elastic » Logstash » Version: 7.1.0

cpe:2.3:a:elastic:logstash:7.1.0
Elastic » Logstash » Version: 7.1.1

cpe:2.3:a:elastic:logstash:7.1.1
Elastic » Logstash » Version: 7.10.0

cpe:2.3:a:elastic:logstash:7.10.0
Elastic » Logstash » Version: 7.10.1

cpe:2.3:a:elastic:logstash:7.10.1
Elastic » Logstash » Version: 7.10.2

cpe:2.3:a:elastic:logstash:7.10.2
Elastic » Logstash » Version: 7.11.0

cpe:2.3:a:elastic:logstash:7.11.0
Elastic » Logstash » Version: 7.11.1

cpe:2.3:a:elastic:logstash:7.11.1
Elastic » Logstash » Version: 7.11.2

cpe:2.3:a:elastic:logstash:7.11.2
Elastic » Logstash » Version: 7.2.0

cpe:2.3:a:elastic:logstash:7.2.0
Elastic » Logstash » Version: 7.2.1

cpe:2.3:a:elastic:logstash:7.2.1
Elastic » Logstash » Version: 7.3.0

cpe:2.3:a:elastic:logstash:7.3.0
Elastic » Logstash » Version: 7.3.1

cpe:2.3:a:elastic:logstash:7.3.1
Elastic » Logstash » Version: 7.3.2

cpe:2.3:a:elastic:logstash:7.3.2
Elastic » Logstash » Version: 7.4.0

cpe:2.3:a:elastic:logstash:7.4.0
Elastic » Logstash » Version: 7.4.1

cpe:2.3:a:elastic:logstash:7.4.1
Elastic » Logstash » Version: 7.4.2

cpe:2.3:a:elastic:logstash:7.4.2
Elastic » Logstash » Version: 7.5.0

cpe:2.3:a:elastic:logstash:7.5.0
Elastic » Logstash » Version: 7.5.1

cpe:2.3:a:elastic:logstash:7.5.1
Elastic » Logstash » Version: 7.5.2

cpe:2.3:a:elastic:logstash:7.5.2
Elastic » Logstash » Version: 7.6.0

cpe:2.3:a:elastic:logstash:7.6.0
Elastic » Logstash » Version: 7.6.1

cpe:2.3:a:elastic:logstash:7.6.1
Elastic » Logstash » Version: 7.6.2

cpe:2.3:a:elastic:logstash:7.6.2
Elastic » Logstash » Version: 7.7.0

cpe:2.3:a:elastic:logstash:7.7.0
Elastic » Logstash » Version: 7.7.1

cpe:2.3:a:elastic:logstash:7.7.1
Elastic » Logstash » Version: 7.8.0

cpe:2.3:a:elastic:logstash:7.8.0
Elastic » Logstash » Version: 7.8.1

cpe:2.3:a:elastic:logstash:7.8.1
Elastic » Logstash » Version: 7.9.0

cpe:2.3:a:elastic:logstash:7.9.0
Elastic » Logstash » Version: 7.9.1

cpe:2.3:a:elastic:logstash:7.9.1
Elastic » Logstash » Version: 7.9.2

cpe:2.3:a:elastic:logstash:7.9.2
Elastic » Logstash » Version: 7.9.3

cpe:2.3:a:elastic:logstash:7.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22138

Products

Pricing

Contact Us