Vulnerability Details CVE-2021-3100
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.2
References
- https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
- https://alas.aws.amazon.com/ALAS-2021-1554.html
- https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
- https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
- https://alas.aws.amazon.com/ALAS-2021-1554.html
- https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
Products affected by CVE-2021-3100
-
cpe:2.3:a:amazon:log4jhotpatch:*
-
cpe:2.3:a:linux:linux_kernel:-