CVE-2021-37942

Published: Nov 22, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

Affected (1)

Products: Elastic: Apm Java Agent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elastic Apm Java Agent	From 1.18.0 to 1.27.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://discuss.elastic.co/t/apm-java-agent-security-update/291355

Source: security@elastic.co

Vendor Advisory

https://www.elastic.co/community/security

Source: security@elastic.co

Product

https://discuss.elastic.co/t/apm-java-agent-security-update/291355

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.