Elasticsearch Groovy Script RCE - security vulnerability...

Expand / Collapse

Elasticsearch Groovy Script RCE - security vulnerability (solution)

Article ID: 52519 - Last Review: January 18, 2017


The version of Elasticsearch used in the MiContact Center Business system is affected by a remote code vulnerability.  A remote unauthenticated attacker, using a specially crafted request, can escape the sandbox and execute arbitrary Java code.  A successful attack could allow the user to gain a remote shell or manipulate files on the server. 


Add a firewall rule to block incomming traffic to the MiContact Center Business server on port 9200. 


MiCC 8.0 or newer 

Keywords: elasticsearch groovy script rce security vulnerability

Rate this Article:

Add Your Comments

Name: *
Email Address:
Web Address:
Verification Code:

Last Modified:Wednesday, January 18, 2017
Last Modified By: AndrewMontpetit
Type: FIX
Rated 1 star based on 1 vote
Article has been viewed 5,278 times.