CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-11994: APM Server Insertion of Sensitive Information into Log File

5.7 CVSS

Description

APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.

Classification

CVE ID: CVE-2024-11994

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: Elastic

Product: APM Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.23% (scored less or equal to compared to others)

EPSS Date: 2025-05-30 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11994
https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710

Timeline

2025-05-01 14:40:15 UTC
CVE

APM Server Insertion of Sensitive Information into Log File