CVE-2022-0070

CVSS v3.1 8.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.05 % (19th)
Affected Products 2
Advisories 2

Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.

Weaknesses
CWE-250
Execution with Unnecessary Privileges
CWE-269
Improper Privilege Management
CVE Status
PUBLISHED
CNA
Palo Alto Networks, Inc.
Published Date
2022-04-19 23:15:13
(2 years ago)
Updated Date
2022-09-30 13:09:34
(23 months ago)

Affected Products

Configuration #1

AND
  OR
    Amazon Log4jhotpatch prior 1.1-16 version
      CPE23: cpe:2.3:a:amazon:log4jhotpatch
      Up To: < 1.1-16
  OR, Running on/with
    Linux Kernel
      CPE23: cpe:2.3:a:linux:linux_kernel:-