Vulnerabilities > Elastic > APM Server > 8.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-23448 | Information Exposure Through Log Files vulnerability in Elastic APM Server An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. | 7.5 |
| 2023-10-26 | CVE-2023-31421 | Improper Certificate Validation vulnerability in Elastic products It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. | 7.5 |