The following security finding was found on the systems that are running APM:
Spring Framework 4.3.x < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)
The remote host contains a Spring Framework library version that is 4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore, affected by a remote code execution vulnerability.
An unauthenticated, remote attacker can exploit this, by sending a special craft message to the broker that can lead to RCE attack.
Release : 10.5
Component : APM Agents