CVE-2021-3100
HIGH
Apache Log4j <log4j-cve-2021-44228-hotpatch-1.1-13 - Privilege Esca...
Title source: llm
Description
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
Vendor Advisory x_refsource_misc
https://alas.aws.amazon.com/ALAS-2021-1554.html
Exploit, Third Party Advisory x_refsource_misc
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
Scores
CVSS v3
8.8
EPSS
0.0036
EPSS Percentile
27.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-269
CWE-250
Status
published
Products (1)
amazon/log4jhotpatch
< 1.1-13
Published
Apr 19, 2022
Tracked Since
Feb 18, 2026