1. Home
  2. Vulnerabilities
  3. CVE-2021-3100

CVE-2021-3100

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.09 % (39th)
0.09% Progress
Affected Products 2
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

Weaknesses
CWE-250
Execution with Unnecessary Privileges
CWE-269
Improper Privilege Management
Related CVEs
CVE Status
PUBLISHED
CNA
Palo Alto Networks, Inc.
Published Date
2022-04-19 23:15:13
(2 years ago)
Updated Date
2022-10-06 16:08:27
(23 months ago)

Affected Products

Amazon

Linux

Configuration #1

AND
    CPE23 From Up To
OR  
  Amazon Log4jhotpatch prior 1.1-13 version cpe:2.3:a:amazon:log4jhotpatch < 1.1-13
OR  
  Running on/with
  Linux Kernel cpe:2.3:a:linux:linux_kernel:-