Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 6.6
Products affected by CVE-2021-22150
  • Elastic » Kibana » Version: 7.10.2
    cpe:2.3:a:elastic:kibana:7.10.2
  • Elastic » Kibana » Version: 7.11.0
    cpe:2.3:a:elastic:kibana:7.11.0
  • Elastic » Kibana » Version: 7.11.1
    cpe:2.3:a:elastic:kibana:7.11.1
  • Elastic » Kibana » Version: 7.11.2
    cpe:2.3:a:elastic:kibana:7.11.2
  • Elastic » Kibana » Version: 7.12.0
    cpe:2.3:a:elastic:kibana:7.12.0
  • Elastic » Kibana » Version: 7.12.1
    cpe:2.3:a:elastic:kibana:7.12.1
  • Elastic » Kibana » Version: 7.13.0
    cpe:2.3:a:elastic:kibana:7.13.0
  • Elastic » Kibana » Version: 7.13.1
    cpe:2.3:a:elastic:kibana:7.13.1
  • Elastic » Kibana » Version: 7.14.0
    cpe:2.3:a:elastic:kibana:7.14.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved