CVE-2015-1427
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
99.9%
p100
KEV
SÍ
25 mar 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
99.9%EPSS · 30 días99.9%
2026-06-302026-07-16
Producto
Elastic / Elasticsearch
Vulnerabilidad
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
Añadido a KEV
25 mar 2022
Remediar antes de
15 abr 2022
Uso conocido en ransomware
No
Descripción resumida
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2015-1427
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2014-3120—99.8%
KEV—80Elasticsearch Remote Code Execution Vulnerability—