The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
CPE | Name | Operator | Version |
---|---|---|---|
log4jhotpatch | eq | < 1.1-13 |
9.6 High
AI Score
Confidence
0.976 High
EPSS
Percentile
100.0%