CVE-2020-7017

Published: Jul 27, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

Exploitability: 1.2 / Impact: 5.5

Source: NVD

Description

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

Affected (5)

Products: Elasticsearch: Kibana · Oracle: Communications Billing And Revenue Management, Communications Cloud Native Core Network Function Cloud Native Environment, Peoplesoft Enterprise Peopletools

Elasticsearch

1 product

Kibana

Oracle

3 products

Communications Billing And Revenue Management

Communications Cloud Native Core Network Function Cloud Native Environment

Peoplesoft Enterprise Peopletools

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Elasticsearch Kibana	Before 6.8.11
Elasticsearch Kibana	From 7.0.0 to 7.8.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Billing And Revenue Management	Version 12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment	Version 1.7.0
Oracle Peoplesoft Enterprise Peopletools	Version 8.58