CVE-2021-37942
Description
A local privilege escalation issue was found in the APM Java agent: a user on the system could attach a malicious plugin to an application running the APM Java agent. By exploiting this vulnerability, an attacker could execute code with potentially higher permissions than their user account normally has.
CWE
- CWE-269: Improper Privilege Management
Affected
- Elastic / Elastic APM Java Agent — v=1.18.0 <1.27.0 [affected]
CVSS
- 3.1 score=7 severity=HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
- https://discuss.elastic.co/t/apm-java-agent-security-update/291355
- https://www.elastic.co/community/security
Source
cvelistV5-main/cves/2021/37xxx/CVE-2021-37942.json