Lucene search

CVE-2021-37936

🗓️ 18 Nov 2022 23:19:15Reported by elasticType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 61 Views

Kibana vulnerability allows HTML injection in Elasticsearch inde

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
NVD	CVE-2021-37936	18 Nov 202223:15	–	nvd
OpenVAS	Elastic Kibana HTML Injection Vulnerability (ESA-2021-23)	27 Sep 202100:00	–	openvas
Cvelist	CVE-2021-37936	18 Nov 202200:00	–	cvelist
Prion	Hardcoded credentials	18 Nov 202223:15	–	prion
OSV	CVE-2021-37936	18 Nov 202223:15	–	osv
Veracode	Cross-site Scripting (XSS)	23 Nov 202210:21	–	veracode
RedhatCVE	CVE-2021-37936	24 Nov 202213:26	–	redhatcve
Tenable Nessus	Kibana 7.10.2 < 7.14.1 Code Execution	11 Jan 202300:00	–	nessus
Tenable Nessus	Kibana 7.14.0 HTML Injection	11 Jan 202300:00	–	nessus
Tenable Nessus	Kibana 7.9.0 < 7.14.1 Path Traversal	11 Jan 202300:00	–	nessus

Nvd

Node

elastic kibanaRange<7.14.1

[
  {
    "vendor": "Elastic",
    "product": "Kibana",
    "versions": [
      {
        "version": "versions before 7.14.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
elastic	www.elastic.co/community/security/
discuss	www.discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Nov 2022 23:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS35.4

EPSS0.00841

CWE-79