The host is installed with kibana before 6.8.9 or 7.x before 7.7.0 and is prone to a code injection vulnerability. A flaw is present in the application, which fails to handle TSVB visualizations where authenticated attacker could insert data that would cause Kibana to execute arbitrary code. Successful exploitation allows attackers to execute code with the permissions of the Kibana process on the host system..