Lucene search
K

28 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)

The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...

4.4CVSS6.1AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:59 p.m.8 views

EUVD-2026-41093

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:59 p.m.7 views

CVE-2026-49088

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:59 p.m.35 views

CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
Node JS Blog
Node JS Blog
added 2026/01/13 12:0 a.m.9 views

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users TL;DR Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...

6.3CVSS6.4AI score0.0041EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/11/27 12:30 p.m.8 views

org.apache.skywalking:apache-skywalking-apm (>=6.1.0 <=10.1.0), org.apache.skywalking:apache-skywalking-apm-es7 (>=6.6.0 <=8.7.0) +1 more potentially affected by CVE-2025-54057 via org.apache.skywalking:apm-webapp (>=10.0.1 <=9.7.0)

org.apache.skywalking:apm-webapp MAVEN version =10.0.1, =6.1.0, =6.6.0, =6.0.0-GA, =6.0.0-beta Source cves: CVE-2025-54057 Source advisory: SNYK:JAVA-ORGAPACHESKYWALKING-14220413...

6.1CVSS5.8AI score0.00625EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-25973

Malware in sbrugna...

4CVSS4.7AI score0.00271EPSS
Exploits0References3
Elastic
Elastic
added 2025/05/01 10:14 a.m.9 views

APM Server 8.16.1 Security Update (ESA-2024-41)

APM Server Insertion of Sensitive Information into Log File ESA-2024-41 APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs. Affected...

5.7CVSS6.4AI score0.00223EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.4 views

PT-2024-27448 · Elastic · Apm Server

Name of the Vulnerable Software and Affected Versions: Elastic APM Server versions prior to 8.14.0 Description: The issue concerns the logging of sensitive data by the APM server due to a flaw related to unavailable shards exception. When a bulk index request partially fails, the APM server logs...

6.9CVSS6.7AI score0.00437EPSS
Exploits0References12
Elastic
Elastic
added 2024/02/06 10:35 p.m.9 views

APM Server 8.12.1 Security Update (ESA-2024-03)

APM Server Insertion of Sensitive Information into Log File ESA-2024-03 An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...

7.5CVSS6.6AI score0.00577EPSS
Exploits0
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.11 views

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from a secret token configuration that is not applied when combining some versions of ECK with APM Server...

5.3CVSS6.8AI score0.00364EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.13 views

PT-2023-23309 · Elastic · Apm Server +1

Name of the Vulnerable Software and Affected Versions: ECK versions prior to 2.8 APM Server versions 8.0 and later Description: The secret token configuration is not applied when using ECK with a version less than 2.8 alongside an APM Server version 8.0 or greater. This could lead to anonymous...

5.3CVSS7.2AI score0.00364EPSS
Exploits0References6
Elastic
Elastic
added 2023/09/26 9:48 a.m.7 views

Elastic Cloud on Kubernetes (ECK) 2.8 Security Update

Elastic Cloud on Kubernetes ECK secret token configuration issue ESA-2023-11 Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. Affected Versions: Elastic Cloud on...

5.3CVSS6.8AI score0.00364EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.6 views

The vulnerability of the data storage system based on Docker for APM monitoring in IBM Instana Observability allows a attacker to gain access to read or modify data.

The vulnerability of the Docker-based data storage solution for APM monitoring in IBM Instana Observability involves a lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker operating remotely to gain access to read or modify data...

9.4CVSS7.8AI score0.08573EPSS
Exploits3References4Affected Software1
CNVD
CNVD
added 2021/11/04 12:0 a.m.7 views

Zoho ManageEngine Applications Manager elevation of privilege vulnerability (CNVD-2021-88236)

Zoho ManageEngine Applications Manager is an application performance monitoring and management solution for various business monitoring and management needs of enterprises. An elevation of privilege vulnerability exists in /showReports.do in Zoho ManageEngine Applications Manager 14550 and earlie...

9.8CVSS6.9AI score0.02736EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/22 12:0 a.m.6 views

Zoho ManageEngine Applications Manager Server-Side Request Forgery Vulnerability

Zoho ManageEngine Applications Manager is an application performance monitoring and management solution for various business monitoring and management needs of enterprises. A server-side request forgery vulnerability exists in Zoho ManageEngine Applications Manager build 15200. No details of the...

6.5CVSS6.9AI score0.01564EPSS
Exploits1References1
OSV
OSV
added 2021/03/02 5:15 p.m.4 views

CVE-2020-4726

The IBM Application Performance Monitoring UI IBM Cloud APM 8.1.4 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975...

3.3CVSS5.8AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/02 4:55 p.m.25 views

CVE-2020-4726

The IBM Application Performance Monitoring UI IBM Cloud APM 8.1.4 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975...

4CVSS3.3AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/26 12:0 a.m.8 views

IBM Application Performance Management Security Vulnerability

IBM Application Performance Management APM is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A security vulnerability exists in the IBM Application...

4CVSS5.8AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2020/04/15 2:15 p.m.4 views

CVE-2020-2946

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager component: EM Request Monitoring. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

6CVSS6.6AI score0.01335EPSS
Exploits0References1
Rows per page
Query Builder