Skip to main content

Apm Server

3 CVEs product

Monthly

CVE-2024-37286 Go MEDIUM PATCH This Month

APM server logs contain document body from a partially failed bulk index request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apm Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23448 Go HIGH PATCH This Week

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31421 HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats Elastic Agent Apm Server +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

APM server logs contain document body from a partially failed bulk index request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apm Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy