nvd [email protected] NVD:CVE-2021-37942
Nov 22, 2023 - 2:15 a.m.

CVE-2021-37942

2023-11-22 02:15:42
CWE-269
web.nvd.nist.gov
7
cve-2021-37942
local privilege escalation
malicious plugin
application security
code execution

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

Affected configurations

Nvd
Node: elastic apm_java_agent, Range 1.18.0 - 1.27.0

Vendor | Product | Version | CPE
elastic | apm_java_agent | * | cpe:2.3:a:elastic:apm_java_agent:*:*:*:*:*:*:*:*
