GCVE - cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Elastic (`1d0b8d2a-fd47-5b20-b005-34326f9bd037`)
Product	Endpoint Security (`bd81c983-4a6e-5cf2-be02-04694d008d07`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-46669`	vulnerable	2026-06-03 14:53:10.321156	Elastic Agent / Elastic Endpoint Security local API key disclosure MEDIUM (6.2) Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors. Published: 2025-05-01T12:59:49.101Z Updated: 2025-05-01T15:33:08.751Z Open on db.gcve.eu Reference links https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38777`	vulnerable	2026-06-03 14:47:50.438166	Details available An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Published: 2023-02-08T00:00:00.000Z Updated: 2025-03-25T14:23:08.886Z Open on db.gcve.eu Reference links https://www.elastic.co/community/security https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38775`	vulnerable	2026-06-03 14:47:50.437698	Details available An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Published: 2023-01-24T00:00:00.000Z Updated: 2025-04-02T13:30:23.078Z Open on db.gcve.eu Reference links https://www.elastic.co/community/security https://discuss.elastic.co/t/endpoint-security-8-4-1-security-statement/323753	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38774`	vulnerable	2026-06-03 14:47:50.436063	Details available An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Published: 2023-01-24T00:00:00.000Z Updated: 2025-04-02T14:26:51.356Z Open on db.gcve.eu Reference links https://www.elastic.co/community/security https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-23714`	vulnerable	2026-06-03 14:46:28.150461	Details available A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Published: 2022-07-06T13:57:27.000Z Updated: 2024-08-03T03:51:45.981Z Open on db.gcve.eu Reference links https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 https://www.elastic.co/community/security	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.