Vulnerability Details CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 7.0
References
Products affected by CVE-2021-37942
-
cpe:2.3:a:elastic:apm_java_agent:1.18.0
-
cpe:2.3:a:elastic:apm_java_agent:1.18.1
-
cpe:2.3:a:elastic:apm_java_agent:1.19.0
-
cpe:2.3:a:elastic:apm_java_agent:1.20.0
-
cpe:2.3:a:elastic:apm_java_agent:1.21.0
-
cpe:2.3:a:elastic:apm_java_agent:1.22.0
-
cpe:2.3:a:elastic:apm_java_agent:1.23.0
-
cpe:2.3:a:elastic:apm_java_agent:1.24.0
-
cpe:2.3:a:elastic:apm_java_agent:1.25.0
-
cpe:2.3:a:elastic:apm_java_agent:1.26.0
-
cpe:2.3:a:elastic:apm_java_agent:1.26.1
-
cpe:2.3:a:elastic:apm_java_agent:1.26.2
-
cpe:2.3:a:elastic:apm_java_agent:1.27.0