claytonvantol.us

SESSION: secure TLS: 1.3 PID: 1337

clayton@site:~/news$ cat cve-2014-3120-elastic-elasticsearch.log

CVE-2014-3120 — Elasticsearch Remote Code Execution Vulnerability

2022-03-25 • CISA Known Exploited Vulnerability

[event] Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

> AFFECTED SOFTWARE

Field	Value
Vendor	Elastic
Product	Elasticsearch
CWE	CWE-284
CVE ID	CVE-2014-3120
Date Added	2022-03-25
Due Date	2022-04-15
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-04-15

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2014-3120

← back to terminal

UPTIME: 1337d v2.0.1 privacy LAST LOGIN: 2026-05-30 20:36:13 UTC