Every CVE whose affected-product data names Elastic Apm Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-31421 — CVSS 5.9 (medium): It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server…
CVE-2024-23448 — CVSS 5.7 (medium): An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document…
CVE-2024-37286 — CVSS 5.7 (medium): APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for…