The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic the permissions of the JVM attempting to be updated.

Affected Packages:

log4j-cve-2021-44228-hotpatch

Issue Correction:
Run yum update log4j-cve-2021-44228-hotpatch to update your system.

New Packages:

noarch:  
    log4j-cve-2021-44228-hotpatch-1.1-13.amzn1.noarch  
  
src:  
    log4j-cve-2021-44228-hotpatch-1.1-13.amzn1.src

Additional References

Red Hat: CVE-2021-3100

Mitre: CVE-2021-3100

OSVersionArchitecturePackageVersionFilename
Amazon Linux1noarchlog4j-cve-2021-44228-hotpatch< 1.1-13.amzn1log4j-cve-2021-44228-hotpatch-1.1-13.amzn1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	noarch	log4j-cve-2021-44228-hotpatch	< 1.1-13.amzn1	log4j-cve-2021-44228-hotpatch-1.1-13.amzn1.noarch.rpm

amazon 1

cve 2

nessus 9

prion 2

cvelist 2

nvd 2

githubexploit 81

suse 3

github 2

openvas 1

ibm 54

impervablog 1

redhat 2

qualysblog 3

rapid7blog 5

debian 1

kitploit 2

mssecure 1

hivepro 2

hackerone 2

msrc 1

ics 2

mmpc 2

zdt 1

wordfence 1

exploitdb 1

osv 1

metasploit 1

qt 1

kaspersky 1

freebsd 1

cisa 2

ubuntu 1

threatpost 3

fedora 1

thn 1

amazon

Important: log4j-cve-2021-44228-hotpatch

2021-12-22 21:17:00

cve

CVE-2021-3100

2022-04-19 23:15:13

CVE-2022-0070

2022-04-19 23:15:13

nessus

Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2021-1554)

2021-12-23 00:00:00

Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2021-1732)

2021-12-23 00:00:00

Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1773)

2022-04-19 00:00:00

prion

Code injection

2022-04-19 23:15:00

Design/Logic Flaw

2022-04-19 23:15:00

cvelist

CVE-2021-3100 Log4j hot patch package privilege escalation

2022-04-19 22:15:19

CVE-2022-0070 Log4j hot patch package privilege escalation

2022-04-19 22:15:23

nvd

CVE-2021-3100

2022-04-19 23:15:13

CVE-2022-0070

2022-04-19 23:15:13

githubexploit

Exploit for Expression Language Injection in Apache Log4J

2023-04-15 12:47:39

Exploit for Expression Language Injection in Apache Log4J

2021-12-13 00:14:45

Exploit for Expression Language Injection in Apache Log4J

2021-12-19 17:53:31

suse

Security update for log4j (important)

2021-12-15 00:00:00

Security update for log4j (important)

2021-12-15 00:00:00

Security update for logback (important)

2021-12-17 00:00:00

github

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

Using GitHub’s security features to help identify Log4j exposure in your codebase

2021-12-14 19:46:00

openvas

openSUSE: Security Advisory for logback (openSUSE-SU-2021:4109-1)

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Transformation Advisor is affected by Apache Log4j vulnerability (CVE-2021-44228)

2022-12-05 19:00:57

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

2021-12-17 13:57:26

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Scale (CVE-2021-44228)

2021-12-22 18:58:03

impervablog

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

2021-12-11 02:31:39

redhat

(RHSA-2021:5138) Critical: Red Hat AMQ Streams 1.8.4 release and security update

2021-12-14 21:45:43

(RHSA-2021:5140) Low: Red Hat JBoss Enterprise Application Platform 7.4 security update

2021-12-15 02:55:01

qualysblog

Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR

2021-12-14 23:55:59

What’s Next After Log4Shell?

2023-02-22 03:36:56

How to Make Log4Shell Remediation Quick & Effective

2022-01-11 16:58:48

rapid7blog

Test for Log4Shell With InsightAppSec Using New Functionality

2021-12-22 21:50:50

5 Security Projects That Are Giving Back

2022-01-04 18:44:58

Using InsightVM to Find Apache Log4j CVE-2021-44228

2021-12-14 14:17:29

debian

[SECURITY] [DLA 2842-1] apache-log4j2 security update

2021-12-12 15:09:37

kitploit

Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

2022-01-06 11:30:00

CVE-Vulnerability-Information-Downloader - Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

2023-02-25 11:30:00

mssecure

Build a stronger cybersecurity team through diversity and training

2022-01-20 17:00:00

hivepro

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

2022-04-05 12:57:28

Lazarus’s Operation Blacksmith Deploys Novel Dlang RATs

2023-12-13 06:46:17

hackerone

U.S. Dept Of Defense: LOGJ4 VUlnerability [HtUS]

2022-07-04 14:01:23

Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com

2022-01-25 07:33:15

msrc

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 08:00:00

ics

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

2022-11-25 12:00:00

Sensormatic PowerManage (Update A)

2022-03-08 12:00:00

mmpc

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

Build a stronger cybersecurity team through diversity and training

2022-01-20 17:00:00

zdt

MobileIron Log4Shell Remote Command Execution Exploit

2022-08-04 00:00:00

wordfence

Analyzing Attack Data and Trends Targeting Log4J

2022-08-02 14:06:05

exploitdb

Apache Log4j2 2.14.1 - Information Disclosure

2021-12-14 00:00:00

osv

Apache Log4j Remote Code Execution

2021-12-14 21:07:14

metasploit

UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)

2022-01-19 22:51:31

The Qt Company Products Are Not Affected by CVE-2021-44228 (Log4j vulnerability)

2021-12-15 00:00:00

kaspersky

KLA12393 RCE vulnerability in Microsoft System Center

2021-12-16 00:00:00

freebsd

openhab -- log4j remote code injection

2021-12-10 00:00:00

cisa

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation

2021-12-10 00:00:00

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products

2022-01-14 00:00:00

ubuntu

Apache Log4j 2 vulnerability

2021-12-17 00:00:00

threatpost

Conti Ransomware Gang Has Full Log4Shell Attack Chain

2021-12-20 22:11:30

FTC to Go After Companies that Ignore Log4j

2022-01-05 19:00:03

The Log4j Vulnerability Puts Pressure on the Security World

2022-01-18 20:21:04

fedora

[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34

2021-12-22 01:14:26

thn

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

2022-01-08 07:04:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.965

Percentile

99.6%

JSON

Related for ALAS-2021-1554