Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic apm agent vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions ...
Elastic Apm Java Agent
NA
CVE-2021-22143
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is poss...
Elastic Apm .net Agent
NA
CVE-2023-31421
It exists that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is conf...
Elastic Elastic Beats
Elastic Elastic Agent
Elastic Apm Server
Elastic Elastic Fleet Server
392
VMScore
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a hi...
Elastic Apm Agent
240
VMScore
CVE-2021-22133
The Elastic APM agent for Go versions prior to 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an a...
Elastic Apm Agent
570
VMScore
CVE-2019-7617
When the Elastic APM agent for Python versions prior to 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
Elastic Apm Agent
516
VMScore
CVE-2019-7615
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions prior to 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This...
Elastic Apm-agent-ruby
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started