CVE-2014-3120 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2014-3120

Elastic | ElasticsearchAdded 2022-03-25Remediation Deadline 2022-04-15

Elasticsearch Remote Code Execution Vulnerability

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-284

References

https://nvd.nist.gov/vuln/detail/CVE-2014-3120