Lucene search

PRIOn knowledge basePRION:CVE-2021-3100

HistoryApr 19, 2022 - 11:15 p.m.

Code injection

2022-04-1923:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

CPENameOperatorVersion
log4jhotpatcheq< 1.1-13

CPE	Name	Operator	Version
	log4jhotpatch	eq	< 1.1-13

References

alas.aws.amazon.com/AL2/ALAS-2021-1732.html

alas.aws.amazon.com/ALAS-2021-1554.html

unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities

amazon

Important: log4j-cve-2021-44228-hotpatch

2021-12-22 21:17:00

Important: log4j-cve-2021-44228-hotpatch

2021-12-22 21:18:00

nessus

Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2021-1554)

2021-12-23 00:00:00

Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2021-1732)

2021-12-23 00:00:00

Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1773)

2022-04-19 00:00:00

cvelist

CVE-2021-3100 Log4j hot patch package privilege escalation

2022-04-19 00:00:00

CVE-2022-0070 Log4j hot patch package privilege escalation

2022-04-19 00:00:00

nvd

CVE-2021-3100

2022-04-19 23:15:13

CVE-2022-0070

2022-04-19 23:15:13

cve

CVE-2021-3100

2022-04-19 23:15:13

CVE-2022-0070

2022-04-19 23:15:13

CVE-2021-44228

2021-12-10 10:15:09

prion

Design/Logic Flaw

2022-04-19 23:15:00

ibm

Security Bulletin: IBM Maximo Application Suite is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

2022-02-23 18:56:25

Security Bulletin: The Apache Log4j (CVE-2021-44228) vulnerability affects z/TPF and TPF Operations Server

2021-12-20 20:53:23

Security Bulletin: IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit

2021-12-16 04:19:55

githubexploit

Exploit for Improper Input Validation in Apache Log4J

2021-12-22 15:15:12

Exploit for Expression Language Injection in Apache Log4J

2021-12-14 14:51:26

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-14 22:19:29

kaspersky

KLA12390 RCE vulnerability in Apache Log4j

2021-12-10 00:00:00

KLA12392 RCE vulnerability in Microsoft Azure

2021-12-16 00:00:00

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

threatpost

Medusa Malware Joins Flubot's Android Distribution Network

2022-02-07 22:13:29

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

2022-03-07 19:28:36

Russia Issues Its Own TLS Certs

2022-03-11 18:34:34

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

osv

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

hivepro

Iranian hackers leveraged Log4Shell to penetrate US federal agency

2022-11-17 12:28:57

msrc

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応

2021-12-12 08:00:00

impervablog

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

2021-12-14 22:55:49

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year

2021-12-30 13:26:47

cisa_kev

Apache Log4j2 Remote Code Execution Vulnerability

2021-12-10 00:00:00

rapid7blog

Metasploit Framework 6.4 Released

2024-03-25 13:33:28

3 Reasons to Join Rapid7’s Cloud Security Summit

2022-03-09 17:06:13

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

2022-01-19 21:47:30

cisa

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

openvas

Debian: Security Advisory (DLA-2842-1)

2021-12-13 00:00:00

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

2022-02-01 00:00:00

Fedora: Security Advisory for jansi (FEDORA-2021-66d6c484f3)

2021-12-23 00:00:00

mssecure

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

redhat

(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

2021-12-14 15:57:34

(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update

2021-12-14 17:51:25

(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-12-14 16:15:45

hackerone

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

2021-12-31 00:55:49

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

fedora

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

packetstorm

MobileIron Log4Shell Remote Command Execution

2022-08-03 00:00:00

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

Intel Data Center Manager 5.1 Local Privilege Escalation

2022-12-09 00:00:00

talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

2024-02-21 13:54:48

akamaiblog

Threat Intelligence on Log4j CVE: Key Findings and Their Implications

2021-12-17 19:30:00

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

wallarmlab

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

ics

Karakurt Data Extortion Group

2023-12-12 12:00:00

nuclei

Apache Log4j2 Remote Code Injection

2021-12-11 19:26:50

suse

Security update for log4j (important)

2021-12-13 00:00:00

mageia

Updated log4j packages fix security vulnerability

2021-12-11 04:02:37

freebsd

bastillion -- log4j vulnerability

2021-12-10 00:00:00

serviio -- affected by log4j vulnerability

2021-12-13 00:00:00

malwarebytes

What SMBs can do to protect against Log4Shell attacks

2021-12-15 20:59:31

9.6 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

Code injection

References

Related