Vulnerabilities > Elastic > Kibana > 7.4.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
6.5
6.5
2020-06-03 CVE-2020-7015 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization.
network
low complexity
elastic CWE-79
5.4
5.4
2020-06-03 CVE-2020-7013 Code Injection vulnerability in multiple products
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB.
network
low complexity
elastic redhat CWE-94
7.2
7.2
2020-06-03 CVE-2020-7012 Code Injection vulnerability in Elastic Kibana
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant.
network
low complexity
elastic CWE-94
8.8
8.8
2019-12-18 CVE-2019-7621 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations.
network
low complexity
elastic CWE-79
5.4
5.4