CVE-2021-3100

Sažetak

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

Reference

https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
https://alas.aws.amazon.com/ALAS-2021-1554.html
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-10-2022 - 16:08

Objavljeno

19-04-2022 - 23:15