Elasticsearch Unrestricted Access Information Disclosure
The Elasticsearch application running on the remote web server is affected by an information disclosure vulnerability due to a failure to restrict resources via authentication. An unauthenticated, remote attacker can exploit this to disclose sensitive information from the database.
PORT - 9200
Requirement - Pre request for LDAP configuration for user authentication
As per auditor request to close this VA
Enable native user authentication or integrate with an external user management system such as LDAP and Active Directory.
Request you to please share SOP for the same.