Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Apm Agent Security Vulnerabilities

cve
cve

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

7.2CVSS

6.9AI Score

0.001EPSS

2019-08-22 05:15 PM
23
cve
cve

CVE-2021-22133

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it i...

2.4CVSS

3.4AI Score

0.0004EPSS

2021-02-10 07:15 PM
100
2
cve
cve

CVE-2021-37941

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permi...

7.8CVSS

7.7AI Score

0.0004EPSS

2021-12-08 10:15 PM
24
6