← back
CVE-2021-22146

CVE-2021-22146

EPSS 27.8%
Vexday Risk Score
28Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (3 stars) — exploitation code widely available.
CVSS EPSS 27.8%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
21 Jul 2021Published on NVD
22 Jul 2021Public PoC
Weaponization speed
1 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.