Elasticsearch Remote Code Execution Vulnerability

NVD

Known Exploited Vulnerability

CVE-2014-3120, Elasticsearch Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.