Lucene search
Tenable701234.PRMHistoryOct 24, 2019 - 12:00 a.m.
Kibana 5.x < 5.6.15 / 6.x < 6.6.1 Multiple Vulnerabilities
2019-10-2400:00:00
Tenable
www.tenable.com
14
Kibana versions before 5.6.15 and 6.6.1 have the following vulnerabilities:
- A cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (CVE-2019-7608)
- An arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7609)
- An arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. (CVE-2019-7610)
Binary data 701234.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| elasticsearch | kibana | cpe:/a:elasticsearch:kibana |
Related
nessus
nessus
Kibana < 5.6.15 Multiple Vulnerabilities
2020-03-05 00:00:00
RHEL 7 : OpenShift Container Platform 4.1.18 (RHSA-2019:2860)
2019-09-27 00:00:00
Kibana 6.x < 6.6.1 Multiple Vulnerabilities
2020-03-05 00:00:00
redhat
redhat
archlinux
archlinux
[ASA-201902-26] kibana: multiple issues
2019-02-25 00:00:00
openvas
openvas
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities - Linux
2019-03-27 00:00:00
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities - Windows
2019-03-27 00:00:00
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 RCE Vulnerability - Active Check
2019-11-06 00:00:00
ibm
ibm
githubexploit
githubexploit
Exploit for Command Injection in Elastic Kibana
2019-11-04 02:42:40
Exploit for Code Injection in Elastic Kibana
2019-12-01 14:29:22
Exploit for Code Injection in Elastic Kibana
2019-10-18 03:25:22
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0225
2019-04-19 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0155
2019-04-29 00:00:00
Critical Photon OS Security Update - PHSA-2019-0225
2019-04-19 00:00:00
myhack58
myhack58
cve
cve
redhatcve
redhatcve
checkpoint_advisories
checkpoint_advisories
Kibana Timelion Remote Code Execution (CVE-2019-7609)
2019-10-22 00:00:00
attackerkb
attackerkb
CVE-2019-7609
2019-03-25 00:00:00
f5
f5
K54184111 : Kibana vulnerability CVE-2019-7609
2022-03-21 00:00:00
cisa_kev
cisa_kev
Kibana Arbitrary Code Execution
2022-01-10 00:00:00
metasploit
metasploit
Kibana Timelion Prototype Pollution RCE
2023-08-24 20:08:08
zdt
zdt
Kibana Timelion Prototype Pollution Remote Code Execution Exploit
2023-09-11 00:00:00
prion
prion
Code injection
2019-03-25 19:29:00
Cross site scripting
2019-03-25 19:29:00
Code injection
2019-03-25 19:29:00
nuclei
nuclei
Kibana Timelion - Arbitrary Code Execution
2020-08-15 18:10:27
packetstorm
packetstorm
Kibana Timelion Prototype Pollution Remote Code Execution
2023-09-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-03-26 02:53:28
Arbitrary Code Execution
2019-03-26 04:06:20
Cross-Site Scripting (XSS)
2019-03-26 06:13:05
osv
osv
threatpost
threatpost
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
thn
thn
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
2021-05-08 12:24:00
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure
2022-01-12 09:14:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00
qualysblog
qualysblog
ics
ics
Related for 701234.PRM