{
  "threat_severity" : "Important",
  "public_date" : "2015-02-11T00:00:00Z",
  "bugzilla" : {
    "description" : "elasticsearch: remote code execution via Groovy sandbox bypass",
    "id" : "1191969",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1191969"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
    "status" : "verified"
  },
  "details" : [ "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.", "It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss A-MQ 6.3",
    "release_date" : "2017-04-03T00:00:00Z",
    "advisory" : "RHSA-2017:0868",
    "cpe" : "cpe:/a:redhat:jboss_amq:6.3"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6.3",
    "release_date" : "2017-04-03T00:00:00Z",
    "advisory" : "RHSA-2017:0868",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Enterprise 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-origin-cartridge-fuse",
    "cpe" : "cpe:/a:redhat:openshift:2"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "elasticsearch",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Subscription Asset Manager",
    "fix_state" : "Not affected",
    "package_name" : "elasticsearch",
    "cpe" : "cpe:/a:rhel_sam:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1427\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1427\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ],
  "name" : "CVE-2015-1427",
  "csaw" : false
}