CVE-2014-3120
HIGH | CISA KEV | 8.1
Description
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
CVE Details
CVSS v3.1 Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 7/28/2014
Last Modified: 4/22/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Elastic
Product: Elasticsearch
Vulnerability Name: Elasticsearch Remote Code Execution Vulnerability
KEV Date Added: 2022-03-25
Remediation Due Date: 2022-04-15
Ransomware Use: Unknown
Affected Products
elastic:elasticsearch
Weaknesses (CWE)
CWE-284
References
http://bouk.co/blog/elasticsearch-rce/ (cve@mitre.org)
http://www.exploit-db.com/exploits/33370 (cve@mitre.org)
http://www.osvdb.org/106949 (cve@mitre.org)
http://www.securityfocus.com/bid/67731 (cve@mitre.org)
https://www.elastic.co/blog/logstash-1-4-3-released (cve@mitre.org)
https://www.elastic.co/community/security/ (cve@mitre.org)
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch (cve@mitre.org)
http://bouk.co/blog/elasticsearch-rce/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/33370 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/106949 (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67731 (af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/blog/logstash-1-4-3-released (af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3120 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.