HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2016-10364 Insufficient Access Restriction Vulnerability - Windows

Severity
CVSSv3 Score
6.5
Vulnerability description

Elastic Kibana with X-Pack is prone to an insufficient access restriction vulnerability.

Risk description

The Flaw is due to requests to advanced settings and the short URL service which were were not properly authenticated. Successful exploitation allows any authenticated user to make requests to those services regardless of their own permissions.

Recommendation

Update to Elastic Kibana X-Pack version 5.0.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 16, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available