Jorge Reyna R.'s picture

Hello everyone,

Someone knows if there is a patch, procedure or update through which the following vulnerabilities can be resolved in ARIS Design Server:

  1. Elasticsearch Groovy Script RCE: The remote web server hosts a Java application that is affected by a remote code execution vulnerability.
  2. Elasticsearch Transport Protocol Unspecified Remote Code Execution: Elasticsearch contains an unspecified flaw related to the transport protocol that may allow a remote attacker to execute arbitrary code.

Thank you very much in advance.

Tags: ARIS API arishack Java