CVE-2014-3120
Elasticsearch Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
88.6%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
88.6%EPSS · 30 days88.6%
2026-06-302026-07-16
Product
Elastic / Elasticsearch
Vulnerability
Elasticsearch Remote Code Execution Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-3120
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2015-1427—100.0%
KEV—80Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability—