CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability
Project:Elastic
Product:Elasticsearch
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
Elasticsearch Remote Code Execution Vulnerability
Description
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-3120