VYPR

log4j-cve-2021-44228-hotpatch

by Amazon

CVEs (3)

  • CVE-2022-33915 (Jun 17, 2022)
    risk 0.00 | cvss | epss 0.00

    Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates…

  • CVE-2022-0070 (Apr 19, 2022)
    risk 0.00 | cvss | epss 0.00

    Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.

  • CVE-2021-3100 (Apr 19, 2022)
    risk 0.00 | cvss | epss 0.00

    The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.