Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users TL;DR Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...

org.apache.skywalking:apache-skywalking-apm (>=6.1.0 <=10.1.0), org.apache.skywalking:apache-skywalking-apm-es7 (>=6.6.0 <=8.7.0) +1 more potentially affected by CVE-2025-54057 via org.apache.skywalking:apm-webapp (>=10.0.1 <=9.7.0)

org.apache.skywalking:apm-webapp MAVEN version =10.0.1, =6.1.0, =6.6.0, =6.0.0-GA, =6.0.0-beta Source cves: CVE-2025-54057 Source advisory: SNYK:JAVA-ORGAPACHESKYWALKING-14220413...

EUVD-2020-25973

Malware in sbrugna...

APM Server 8.16.1 Security Update (ESA-2024-41)

APM Server Insertion of Sensitive Information into Log File ESA-2024-41 APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs. Affected...

PT-2024-27448 · Elastic · Apm Server

Name of the Vulnerable Software and Affected Versions: Elastic APM Server versions prior to 8.14.0 Description: The issue concerns the logging of sensitive data by the APM server due to a flaw related to unavailable shards exception. When a bulk index request partially fails, the APM server logs...

APM Server 8.12.1 Security Update (ESA-2024-03)

APM Server Insertion of Sensitive Information into Log File ESA-2024-03 An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from a secret token configuration that is not applied when combining some versions of ECK with APM Server...

PT-2023-23309 · Elastic · Apm Server +1

Name of the Vulnerable Software and Affected Versions: ECK versions prior to 2.8 APM Server versions 8.0 and later Description: The secret token configuration is not applied when using ECK with a version less than 2.8 alongside an APM Server version 8.0 or greater. This could lead to anonymous...

Elastic Cloud on Kubernetes (ECK) 2.8 Security Update

Elastic Cloud on Kubernetes ECK secret token configuration issue ESA-2023-11 Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. Affected Versions: Elastic Cloud on...

Zoho ManageEngine Applications Manager elevation of privilege vulnerability (CNVD-2021-88236)

Zoho ManageEngine Applications Manager is an application performance monitoring and management solution for various business monitoring and management needs of enterprises. An elevation of privilege vulnerability exists in /showReports.do in Zoho ManageEngine Applications Manager 14550 and earlie...

Zoho ManageEngine Applications Manager Server-Side Request Forgery Vulnerability

Zoho ManageEngine Applications Manager is an application performance monitoring and management solution for various business monitoring and management needs of enterprises. A server-side request forgery vulnerability exists in Zoho ManageEngine Applications Manager build 15200. No details of the...

CVE-2020-4726

The IBM Application Performance Monitoring UI IBM Cloud APM 8.1.4 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975...

CVE-2020-4726

The IBM Application Performance Monitoring UI IBM Cloud APM 8.1.4 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975...

IBM Application Performance Management Security Vulnerability

IBM Application Performance Management APM is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A security vulnerability exists in the IBM Application...

CVE-2020-2946

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager component: EM Request Monitoring. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

Riverbed Patches Vulnerabilities in Application Monitoring Portal

Riverbed Technology has patched four serious vulnerabilities in its SteelCentral portal, a centralized application performance monitoring platform. The flaws could allow an attacker to access critical application data and move through the network to other Riverbed agents feeding data into the...

ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Affected Software: ManageEngine Applications Manager Build No: 12700 Vulnerability: Information Disclosure and Un-Authenticated SQL injection. CVSSv3: 9.3 Severity: Critical Release Date: 2016-05-05 I. Background ManageEngine Applications...

Manage Engine Application Manager 12.5 - Arbitrary Command Execution

Manage Engine Application Manager 12.5 - Arbitrary Command Execution !C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications...

Manage Engine Applications Manager 12 - Multiple Vulnerabilities

Exploit for multiple platform in category web applications Manage Engine Applications Manager 12 Multiple Vulnerabilities Vendor Product Description - ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help...

Manage Engine Applications Manager 12 - Multiple Vulnerabilities

Manage Engine Applications Manager 12 - Multiple Vulnerabilities Manage Engine Applications Manager 12 Multiple Vulnerabilities Vendor Product Description - ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help...