{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T18:12:31.628","vulnerabilities":[{"cve":{"id":"CVE-2024-23448","sourceIdentifier":"security@elastic.co","published":"2024-02-07T22:15:09.987","lastModified":"2024-11-21T08:57:43.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs."},{"lang":"es","value":"Se descubrió un problema por el cual APM Server podía iniciar sesión en el nivel ERROR, una respuesta de Elasticsearch indicaba que la indexación del documento falló y que esa respuesta contendría partes del documento original. Dependiendo de la naturaleza del documento que el servidor APM intentó ingerir, esto podría dar lugar a la inserción de información confidencial o privada en los registros del servidor APM."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*","versionEndExcluding":"8.12.1","matchCriteriaId":"359F4AB6-DD4A-4B8E-B6AE-5879A047E448"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688","source":"security@elastic.co","tags":["Vendor Advisory"]},{"url":"https://www.elastic.co/community/security","source":"security@elastic.co","tags":["Vendor Advisory"]},{"url":"https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.elastic.co/community/security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}