PULSE
LIVE41signals / 24h
FEED
ransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Found
← All CVEs
CVE Watch

CVE-2014-3120

Elasticsearch Remote Code Execution Vulnerability

CVSS

No CVSS

EPSS

88.6%

p100

KEV

YES

Mar 25, 2022

Exploit Today

80

0-100

Published: · Last modified:

EPSS · 30d
88.6%EPSS · 30 days88.6%
2026-06-302026-07-16
KEV catalog record

Product

Elastic / Elasticsearch

Vulnerability

Elasticsearch Remote Code Execution Vulnerability

Added to KEV

Mar 25, 2022

Remediate by

Apr 15, 2022

Known ransomware use

No

Summary description

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2014-3120

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2015-1427
100.0%
KEV80Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability