PT-2022-2393 · Apache · Log4J
Published: 2022-04-19 · Updated: 2022-10-06 · CVE-2021-3100
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Log4j versions prior to log4j-cve-2021-44228-hotpatch-1.1-13
Description
The issue is related to insecure privilege management in the Log4j Java logging program. It allows an attacker to escalate their privileges.
Recommendations
For versions prior to log4j-cve-2021-44228-hotpatch-1.1-13, update to log4j-cve-2021-44228-hotpatch-1.1-13 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.
Exploit
Fix
Improper Privilege Management
Related Identifiers
Affected Products
Log4J