CVE-2021-37941: APM Java Agent Local Privilege Escalation
CVSS Score: 7.8 (CVSS 3.1)
Basic Information
CVE ID: CVE-2021-37941
GHSA ID
EPSS Score: 0.07872%
CWE
Published: 12/9/2021
Updated: 4/22/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| elastic-apm | pip | >= 1.10.0, < 1.27.0 | 1.27.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information describes a vulnerability in the APM Java agent related to insecure agent attachment mechanisms and the profiling_inferred_spans_enabled feature. However, the affected package listed (elastic-apm in pip) appears to reference a Python package, while the vulnerability explicitly pertains to the Java agent implementation. No commit diffs, patch details, or specific code references are provided to identify exact vulnerable functions in either the Python or Java codebase. While the vulnerability likely involves functions related to agent attachment (e.g., VirtualMachine.attach() interactions) or profiling file handling, the lack of concrete code context prevents high-confidence identification of specific functions.