cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37285,https://securityvulnerability.io/vulnerability/CVE-2024-37285,Deserialization Flaw in Kibana by Elastic Search,"A deserialization issue in Kibana allows attackers to execute arbitrary code by manipulating YAML documents. This vulnerability arises when Kibana incorrectly processes crafted payloads, necessitating specific permissions on Elasticsearch indices and within Kibana. Attackers must possess both write privilege on system indices .kibana_ingest* and the ability to manipulate restricted indices, combined with comprehensive Kibana privileges. Such an exploit poses significant risks to systems utilizing Kibana for visualization and data analysis.",Elastic,Kibana,,,0.0004299999854993075,false,,true,false,true,2024-09-09T07:07:36.000Z,,false,false,,2024-11-14T17:15:00.000Z,0
CVE-2024-37287,https://securityvulnerability.io/vulnerability/CVE-2024-37287,Prototype Pollution Vulnerability in Kibana Allows Arbitrary Code Execution,"Summary: A critical security flaw has been identified in Kibana, a popular open-source data visualization and exploration tool, with a vulnerability that allows attackers to execute arbitrary code. The vulnerability, tracked as CVE-2024-37287, has a critical severity rating and affects various Kibana environments, including self-managed installations, instances running the Kibana Docker image, and those on Elastic Cloud. Users are strongly advised to upgrade to Kibana version 8.14.2 or 7.17.23 to address the flaw and protect their systems. There are no known exploitations in the wild by ransomware groups at this time.",Elastic,Kibana,7.2,HIGH,0.0004900000058114529,false,,true,false,true,2024-08-07T08:09:08.000Z,,false,false,,2024-08-13T11:33:45.520Z,0