CVE-2015-1427 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2015-1427

Elastic | ElasticsearchAdded 2022-03-25Remediation Deadline 2022-04-15

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-284

References

https://nvd.nist.gov/vuln/detail/CVE-2015-1427