elastic apm agent vulnerabilities and exploits
2.4
CVSSv3
CVE-2021-22133
The Elastic APM agent for Go versions prior to 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an a...
Elastic Apm Agent
7.2
CVSSv3
CVE-2019-7617
When the Elastic APM agent for Python versions prior to 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
Elastic Apm Agent
7.8
CVSSv3
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a hi...
Elastic Apm Agent
4.3
CVSSv3
CVE-2021-22143
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is poss...
Elastic Apm .net Agent
7.8
CVSSv3
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions ...
Elastic Apm Java Agent
7.4
CVSSv3
CVE-2019-7615
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions prior to 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This...
Elastic Apm-agent-ruby
7.5
CVSSv3
CVE-2023-31421
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is conf...
Elastic Elastic Beats
Elastic Elastic Agent
Elastic Apm Server
Elastic Elastic Fleet Server