CVE-2022-0070

Sažetak

Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.

Reference

https://alas.aws.amazon.com/cve/html/CVE-2022-0070.html
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-09-2022 - 13:09

Objavljeno

19-04-2022 - 23:15