
Test ID: 1.3.6.1.4.1.25623.1.0.143092
Category: Web application abuses
Title: Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 RCE Vulnerability - Active Check
Summary: Kibana contains an arbitrary code execution flaw in the Timelion visualizer.
Description: Summary:
Kibana contains an arbitrary code execution flaw in the Timelion
visualizer.

Vulnerability Insight:
An attacker with access to the Timelion application could send a
request that will attempt to execute JavaScript code. This could possibly lead to an attacker
executing arbitrary commands with permissions of the Kibana process on the host system.

On May 07, 2021 the NCSC, CISA, FBI and NSA published advice on detection and mitigation of SVR
activity following the attribution of the SolarWinds compromise. This VT covers one or more
vulnerabilities mentioned in that report.

Affected Software/OS:
Kibana versions before 5.6.15 and 6.0.0 before 6.6.1.

Solution:
Update to version 5.6.15, 6.6.1 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-7609
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
https://www.elastic.co/community/security
RedHat Security Advisories: RHBA-2019:2824
https://access.redhat.com/errata/RHBA-2019:2824
RedHat Security Advisories: RHSA-2019:2860
https://access.redhat.com/errata/RHSA-2019:2860
Copyright: Copyright (C) 2019 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.