CVE-2017-8444

EPSS 0.12%
Veröffentlicht 29.09.2017 01:34:50
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle bressers@elastic.co
Teams Watchlist Login
Unerledigt Login

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elasticsearch ≫ Cloud Enterprise Version1.0.0

Elasticsearch ≫ Cloud Enterprise Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.282

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8444

EUVD