CVE-2023-31414

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-94
View all →

Vulnerability Description

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Related Vulnerabilities

CVE-2021-27611

HIGH
CVSS:8.2(High)

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. T...

CWE-942021

CVE-2021-38967

HIGH
CVSS:8.2(High)

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

CWE-942021

CVE-2023-20063

HIGH
CVSS:8.2(High)

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC...

CWE-942023

CVE-2023-43301

HIGH
CVSS:8.2(High)

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CWE-942023

CVE-2009-2529

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted H...

CWE-942009

CVE-2010-0248

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly init...

CWE-942010