CVE-2014-3120

Name: CVE-2014-3120
Creator: NVD / NIST
Published: 2014-07-28T19:55:04.49+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10Actively ExploitedEPSS 88.56%

Last modified Jun 17, 2026

CVE-2014-3120 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.. CISA has confirmed active exploitation in the wild. EPSS estimates a 88.56% chance of exploitation in the next 30 days.

Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

88.56%

99.8th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Apr 15, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Elastic	Elasticsearch	< 1.2.0

References

http://bouk.co/blog/elasticsearch-rce/Exploit
http://www.exploit-db.com/exploits/33370Exploit
http://www.osvdb.org/106949Broken Link
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rceExploit, Third Party Advisory
http://www.securityfocus.com/bid/67731Exploit
https://www.elastic.co/blog/logstash-1-4-3-releasedVendor Advisory
https://www.elastic.co/community/security/Vendor Advisory
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearchExploit
http://bouk.co/blog/elasticsearch-rce/Exploit
http://www.exploit-db.com/exploits/33370Exploit
http://www.osvdb.org/106949Broken Link
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rceExploit, Third Party Advisory
http://www.securityfocus.com/bid/67731Exploit
https://www.elastic.co/blog/logstash-1-4-3-releasedVendor Advisory
https://www.elastic.co/community/security/Vendor Advisory
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearchExploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3120US Government Resource

Timeline

Published: Jul 28, 2014
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2014-3120?

How severe is CVE-2014-3120?

CVE-2014-3120 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 88.56% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2014-3120?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3120?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST