Vulmon
elastic apm server vulnerabilities and exploits
7.5
CVSSv3
CVE-2024-23448
An issue exists whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing the document failed, and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest,...
Elastic Apm Server
4.3
CVSSv3
CVE-2021-22143
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is poss...
Elastic Apm .net Agent
5.3
CVSSv3
CVE-2023-31416
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.
Elastic Elastic Cloud On Kubernetes
Elastic Apm Server
7.5
CVSSv3
CVE-2023-31421
When acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is conf...
Elastic Elastic Beats
Elastic Elastic Agent
Elastic Apm Server
Elastic Elastic Fleet Server
2.4
CVSSv3
CVE-2021-22133
The Elastic APM agent for Go versions prior to 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an a...
Elastic Apm Agent
7.4
CVSSv3
CVE-2019-7615
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions prior to 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This...
Elastic Apm-agent-ruby