{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11994", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2024-11-29T15:12:45.792Z", "datePublished": "2025-05-01T13:06:54.194Z", "dateUpdated": "2025-05-01T15:32:54.220Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "APM Server", "repo": "https://github.com/elastic/apm-server", "vendor": "Elastic", "versions": [{"lessThan": "8.16.1", "status": "affected", "version": "8.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.</p>"}], "value": "APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-05-01T13:06:54.194Z"}, "references": [{"url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"}], "source": {"discovery": "UNKNOWN"}, "title": "APM Server Insertion of Sensitive Information into Log File", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T14:30:02.890444Z", "id": "CVE-2024-11994", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T15:32:54.220Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-01T14:30:02.890444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T14:51:48.818Z"}}], "cna": {"title": "APM Server Insertion of Sensitive Information into Log File", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/elastic/apm-server", "vendor": "Elastic", "product": "APM Server", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.16.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.", "supportingMedia": [{"type": "text/html", "value": "<p>APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2025-05-01T13:06:54.194Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11994", "state": "PUBLISHED", "dateUpdated": "2025-05-01T15:32:54.220Z", "dateReserved": "2024-11-29T15:12:45.792Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2025-05-01T13:06:54.194Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs."}, {"lang": "es", "value": "Los registros del servidor APM podr\u00edan contener partes del cuerpo del documento de una solicitud de indexaci\u00f3n masiva parcialmente fallida. Dependiendo de la naturaleza del documento, esto podr\u00eda revelar informaci\u00f3n confidencial en los registros de errores del servidor APM."}], "id": "CVE-2024-11994", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@elastic.co", "type": "Secondary"}]}, "published": "2025-05-01T14:15:35.093", "references": [{"source": "security@elastic.co", "url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"}], "sourceIdentifier": "security@elastic.co", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@elastic.co", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:01:02.469917+00:00", "updated": "2025-07-12T22:01:02.469972+00:00", "vendors": ["elastic", "elastic$PRODUCT$apm_server"]}