{"uuid": "bc340e2d-a18b-4115-b545-f2ac722eba4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2014-3120", "type": "seen", "source": "https://t.me/arpsyndicate/1886", "content": "#ExploitObserverAlert\n\nCVE-2014-3120\n\nDESCRIPTION: Exploit Observer has 80 entries related to CVE-2014-3120. The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.  NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n\nFIRST-EPSS: 0.530130000\nNVD-IS: 6.4\nNVD-ES: 8.6", "creation_timestamp": "2023-12-18T01:56:04.000000Z"}