CVE-2021-3100

Description

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Amazon Web Services / log4j-cve-2021-44228-hotpatchunspecified – 1.1-13

References

MISChttps://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
MISChttps://alas.aws.amazon.com/ALAS-2021-1554.html
MISChttps://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities