VDB
CVE-2014-3120
CVE-2014-3120
PUBLISHED
KEV
CVSS 6.800000190734863 MEDIUM
Elasticsearch Improper Access Control vulnerability
EPSS 85.28% · 99.4th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
85.28%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.elasticsearch:elasticsearch | 0 |
| n/a | n/a | n/a |
| elasticsearch | elasticsearch | 0 |
Exploit Intelligence
- Dungsocool/CVE-2014-3120 (github-poc)
- Dungsocool/CVE-2014-3120 (github-poc)
- Dungsocool/CVE-2014-3120 (github-poc)
- Dungsocool/CVE-2014-3120 (github-poc)
- Dungsocool/CVE-2014-3120 (github-poc)
- Dungsocool/CVE-2014-3120 (github-poc)
- xpgdgit/CVE-2014-3120 (github-poc)
- xpgdgit/CVE-2014-3120 (github-poc)
- xpgdgit/CVE-2014-3120 (github-poc)
- xpgdgit/CVE-2014-3120 (github-poc)
…and 97 more exploits
Timeline
- CVE Published
- May 15, 2014 PoC Published
- May 21, 2014 PoC Published
- Jun 1, 2014 PoC Published
- Oct 20, 2014 PoC Published
- May 29, 2018 PoC Published
- Jun 26, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 25, 2022 CISA KEV Added
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://www.elastic.co/blog/logstash-1-4-3-released url
- 33370 exploit
- 67731 vdb
- 106949 vdb
- http://bouk.co/blog/elasticsearch-rce/ url
- http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce url
- https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch url
- https://www.elastic.co/community/security/ url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3120 url
- https://nvd.nist.gov/vuln/detail/CVE-2014-3120 advisory
- https://github.com/elastic/elasticsearch/issues/7151 url
- https://github.com/elastic/elasticsearch/pull/7642 url
- https://github.com/elastic/elasticsearch/commit/bd0eb32d9c3c3f5b6e5f8630c859cd04bdcd4e06 url
- https://github.com/elastic/elasticsearch/commit/f9de8b65898509e038e33215db0720b508477a12 url
- https://github.com/elastic/elasticsearch package
- https://web.archive.org/web/20140813071419/http://www.securityfocus.com/bid/67731 url
- https://www.elastic.co/community/security url
- http://bouk.co/blog/elasticsearch-rce url