Elastic Apm Server

5 CVEs affecting Elastic Apm Server. Latest disclosed: 2025-07-30. Critical: 0, High: 1.

Top CVEs affecting Elastic Apm Server
CVESeverityScorePublishedSummary
CVE-2025-0712High7.02025-07-30An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises fro…
CVE-2023-31421Medium5.92023-10-26It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid fo…
CVE-2024-11994Medium5.72025-05-01APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclo…
CVE-2024-37286Medium5.72024-08-03APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document…
CVE-2024-23448Medium5.72024-02-07An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that respon…