Base Score

HIGH7.8

CVE-2021-37942

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

VectorLOCAL

Published Bysecurity@elastic.co

Published DateNov 22, 2023, 02:15

Affected Versions(2)

co.elastic.apm:apm-agent-parent(Maven)

Introduced1.18.0

Fixed1.27.1

LimitN/A

co.elastic.apm:elastic-apm-agent(Maven)

Introduced1.18.0

Fixed1.27.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
co.elastic.apm:apm-agent-parent(Maven)	1.18.0	1.27.1	N/A
co.elastic.apm:elastic-apm-agent(Maven)	1.18.0	1.27.1	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH7.8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH