Critical network vulnerability on port 9200 for Elasticsearch

Document ID : KB000072831
Last Modified Date : 31/05/2018
Issue:
After a network scan, an "Elasticsearch Transport Protocol Unspecified Remote Code Execution" vulnerability was found. This protocol uses port 9200, and that port is used by DevTest components such as Portal Services, VSE and so on.
Environment:
DevTest 9.1.0 and later
Cause:
elasticsearch-1.5.2.jar
Resolution:
Please open a Support case; we have a patch for this.

The patch to be provided enables code that resolves the vulnerability at runtime, even though elasticsearch-1.5.2.jar will not be removed.

A new jar will replace the outdated jar in a future release.