Exposures › CVE-2014-3120

CVE-2014-3120

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-03-25
Reference
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Players implicated

Description

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Elastic Cloud Elastic Authorized vendor-exact · 0.90