Lucene search
K

7 matches found

OSV
OSV
added 2024/11/14 5:15 p.m.4 views

CVE-2024-37285

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

7.2CVSS7.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/14 4:49 p.m.11 views

CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS7.7AI score0.01257EPSS
Exploits0References1
OSV
OSV
added 2024/09/09 9:15 a.m.14 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

8.8CVSS7.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/09 8:29 a.m.15 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...

9.9CVSS7.6AI score0.01013EPSS
Exploits0References1
CVE
CVE
added 2024/09/09 8:29 a.m.100 views

CVE-2024-37288

CVE-2024-37288 affects Kibana via a YAML deserialization flaw that can lead to arbitrary code execution. Exploitation is possible without user interaction over network with low privileges, targeting environments using Elastic Security AI tools and an Amazon Bedrock connector; impact to confidenti...

9.9CVSS7.7AI score0.01013EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.5 views

PT-2024-5982 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elastic Kibana affected versions not specified Description: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that...

9.9CVSS7.4AI score0.01013EPSS
Exploits0References46
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.5 views

PT-2024-5984 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious us...

9.1CVSS7.6AI score0.01257EPSS
Exploits0References38
Rows per page
Query Builder