The host is installed with Kibana before 5.6.15 or 6.x before 6.6.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle an issue in security audit logger. Successful exploitation could allow an attacker to execute arbitrary commands with permissions of the Kibana process on the host system.