{"uuid": "dced9bbd-c533-4393-abbe-981982439c0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2014-3120", "type": "seen", "source": "https://t.me/arpsyndicate/1477", "content": "#ExploitObserverAlert\n\nCVE-2014-3120\n\nDESCRIPTION: Exploit Observer has 79 entries related to CVE-2014-3120. The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.  NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n\nFIRST-EPSS: 0.530130000\nNVD-IS: 6.4\nNVD-ES: 8.6", "creation_timestamp": "2023-12-06T11:24:15.000000Z"}