RSS   Vulnerabilities for 'Apm agent'   RSS

2021-02-10
 
CVE-2021-22133

CWE-532
 

 
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

 
2019-08-22
 
CVE-2019-7617

CWE-20
 

 
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

 

 >>> Vendor: Elastic 16 Products
X-pack
Kibana reporting
Elasticsearch
Azure repository
Apm-agent-ruby
Elastic cloud enterprise
Logstash
Elasticsearch x-pack
Kibana x-pack
Logstash x-pack
Winlogbeat
Apm agent
Elastic cloud on kubernetes
Elastic app search
Enterprise search
Kibana


Copyright 2021, cxsecurity.com

 

Back to Top