Vulnerabilities > Elastic > APM Server

DATE CVE VULNERABILITY TITLE RISK
2024-08-03 CVE-2024-37286 Information Exposure Through Log Files vulnerability in Elastic APM Server
APM server logs contain document body from a partially failed bulk index request.
network
low complexity
elastic CWE-532
6.5
2024-02-07 CVE-2024-23448 Information Exposure Through Log Files vulnerability in Elastic APM Server
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document.
network
low complexity
elastic CWE-532
7.5
2023-10-26 CVE-2023-31421 Improper Certificate Validation vulnerability in Elastic products
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed.
network
low complexity
elastic CWE-295
7.5