Exposures › CVE-2015-1427
CVE-2015-1427
Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-03-25
Reference
⚡ RCE
⌖ exploited in the wild
shame 65/100
rceexploited-in-wild
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Players implicated
Description
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Affected FedRAMP products 1 in the catalog
| Product | Provider | Status | Match |
|---|---|---|---|
| Elastic Cloud | Elastic | Authorized | vendor-exact · 0.90 |