← ExploitWatch
HomeExploited Vulnerabilities

CVE-2014-3120 — Actively Exploited: Elasticsearch (Elastic)

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

CVE IDCVE-2014-3120
VendorElastic
ProductElasticsearch
Vulnerability nameElasticsearch Remote Code Execution Vulnerability
Date added2022-03-25
Remediation due2022-04-15
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionElasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →