According to its self-reported version number, the Kibana application running on the remote host is prior to 6.8.2 or 7.x prior to 7.2.1. It is, therefore, affected by :
A prototype pollution vulnerability in lodash. (CVE-2019-10744)
A server-side request forgery (SSRF) vulnerability in the graphite integration for Timelion visualizer. (CVE-2019-7616)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
elasticsearch | kibana | * | cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:* |