#VU108117 Inclusion of Sensitive Information in Log Files in APM Server - CVE-2024-11994

Cybersecurity Help s.r.o.

Published: 2025-05-01

Vulnerability identifier: #VU108117

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-11994

CWE-ID: CWE-532

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
APM Server
Web applications / Remote management & hosting panels

Vendor: Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to APM server logs can contain parts of the document body from a partially failed bulk index request. A remote user can gain access to sensitive data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APM Server: 8.0.0 - 8.16.0

External links
https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Inclusion of sensitive information in APM server logs