Skip to main content

Apm Agent

3 CVEs product

Monthly

CVE-2021-37941 PyPI HIGH PATCH This Week

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Apm Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22133 Go LOW PATCH Monitor

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Agent
NVD
CVSS 3.1
2.4
EPSS
0.5%
CVE-2019-7617 PyPI HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure Apm Agent
NVD
CVSS 3.0
7.2
EPSS
1.5%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Apm Agent
NVD
EPSS 1% CVSS 2.4
LOW PATCH Monitor

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Agent
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy