Log4j hot patch package privilege escalation
CVE-2021-3100

8.8HIGH

Key Information:

Vendor

Amazon Web Services

Status
Log4j-cve-2021-44228-hotpatch
Vendor
CVE Published:
19 April 2022

What is CVE-2021-3100?

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

log4j-cve-2021-44228-hotpatch < 1.1-13

References

https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
x_refsource_MISC
https://alas.aws.amazon.com/ALAS-2021-1554.html
x_refsource_MISC
https://unit42.paloaltonetworks.com/aws-log4shell-hot-pat...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yuval Avrahami, Palo Alto Networks
JSON
.