← back
CVE-2019-7615

CVE-2019-7615

EPSS 0.6%CWE-295
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Jul 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.
Affected products
Elastic · Elastic APM agent for Ruby

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.elastic.co/community/security/