Lucene search
Palo_altoCVELIST:CVE-2021-3100HistoryApr 19, 2022 - 12:00 a.m.
CVE-2021-3100 Log4j hot patch package privilege escalation
2022-04-1900:00:00
CWE-250
palo_alto
www.cve.org
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.976 High
EPSS
Percentile
100.0%
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
CNA Affected
[
{
"product": "log4j-cve-2021-44228-hotpatch",
"vendor": "Amazon Web Services",
"versions": [
{
"lessThan": "1.1-13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
amazon
amazon
Important: log4j-cve-2021-44228-hotpatch
2021-12-22 21:17:00
Important: log4j-cve-2021-44228-hotpatch
2021-12-22 21:18:00
nessus
nessus
Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2021-1554)
2021-12-23 00:00:00
Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2021-1732)
2021-12-23 00:00:00
Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1773)
2022-04-19 00:00:00
prion
prion
Code injection
2022-04-19 23:15:00
Design/Logic Flaw
2022-04-19 23:15:00
nvd
nvd
CVE-2021-3100
2022-04-19 23:15:13
CVE-2022-0070
2022-04-19 23:15:13
cve
cve
cvelist
cvelist
CVE-2022-0070 Log4j hot patch package privilege escalation
2022-04-19 00:00:00
ibm
ibm
githubexploit
githubexploit
Exploit for Improper Input Validation in Apache Log4J
2021-12-22 15:15:12
Exploit for Expression Language Injection in Apache Log4J
2021-12-14 14:51:26
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-14 22:19:29
kaspersky
kaspersky
KLA12390 RCE vulnerability in Apache Log4j
2021-12-10 00:00:00
KLA12392 RCE vulnerability in Microsoft Azure
2021-12-16 00:00:00
KLA12395 RCE vulnerability in Microsoft SQL Server
2021-12-16 00:00:00
threatpost
threatpost
Medusa Malware Joins Flubot's Android Distribution Network
2022-02-07 22:13:29
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
2022-03-07 19:28:36
Russia Issues Its Own TLS Certs
2022-03-11 18:34:34
trellix
trellix
Log4J and The Memory That Knew Too Much
2022-01-19 00:00:00
osv
osv
Critical vulnerability in log4j may affect generated PEAR projects
2021-12-16 21:01:51
hivepro
hivepro
Iranian hackers leveraged Log4Shell to penetrate US federal agency
2022-11-17 12:28:57
msrc
msrc
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
2021-12-12 05:28:18
CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応
2021-12-12 08:00:00
impervablog
impervablog
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions
2021-12-14 22:55:49
Analytics Are Essential for Effective Database Security
2022-01-13 15:23:02
cisa_kev
cisa_kev
Apache Log4j2 Remote Code Execution Vulnerability
2021-12-10 00:00:00
rapid7blog
rapid7blog
Metasploit Framework 6.4 Released
2024-03-25 13:33:28
3 Reasons to Join Rapid7’s Cloud Security Summit
2022-03-09 17:06:13
[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability
2022-01-19 21:47:30
cisa
cisa
openvas
openvas
Debian: Security Advisory (DLA-2842-1)
2021-12-13 00:00:00
openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)
2022-02-01 00:00:00
Fedora: Security Advisory for jansi (FEDORA-2021-66d6c484f3)
2021-12-23 00:00:00
mssecure
mssecure
MERCURY and DEV-1084: Destructive attack on hybrid environment
2023-04-07 16:00:00
redhat
redhat
hackerone
hackerone
U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j
2021-12-31 00:55:49
U.S. Dept Of Defense: ██████████ running a vulnerable log4j
2021-12-11 00:16:38
amd
amd
AMD Response to Log4j (Log4Shell) Vulnerability
2021-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34
2021-12-22 01:14:26
trendmicroblog
trendmicroblog
Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited
2021-12-13 00:00:00
packetstorm
packetstorm
MobileIron Log4Shell Remote Command Execution
2022-08-03 00:00:00
Log4Shell HTTP Header Injection
2022-01-12 00:00:00
Intel Data Center Manager 5.1 Local Privilege Escalation
2022-12-09 00:00:00
talosblog
talosblog
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
2024-02-21 13:54:48
akamaiblog
akamaiblog
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
2021-12-17 19:30:00
qualysblog
qualysblog
Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation
2021-12-28 18:00:00
veracode
veracode
Remote Code Execution (RCE)
2021-12-10 15:09:45
wallarmlab
wallarmlab
Update on Log4Shell (CVE-2021-44228)
2021-12-10 20:22:36
ics
ics
Karakurt Data Extortion Group
2023-12-12 12:00:00
nuclei
nuclei
Apache Log4j2 Remote Code Injection
2021-12-11 19:26:50
suse
suse
Security update for log4j (important)
2021-12-13 00:00:00
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-11 04:02:37
freebsd
freebsd
bastillion -- log4j vulnerability
2021-12-10 00:00:00
serviio -- affected by log4j vulnerability
2021-12-13 00:00:00
malwarebytes
malwarebytes
What SMBs can do to protect against Log4Shell attacks
2021-12-15 20:59:31
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.976 High
EPSS
Percentile
100.0%
Related for CVELIST:CVE-2021-3100