
CVE-2021-37942: APM Java Agent Local Privilege Escalation issue

CVSS Score: 7 (CVSS 3.1)

Basic Information

EPSS Score: 0.27392%
Published: 11/22/2023
Updated: 11/22/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name: co.elastic.apm:apm-agent-parent
Ecosystem: maven
Vulnerable Versions: >= 1.18.0, < 1.27.1
First Patched Version: 1.27.1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper privilege management (CWE-269) during plugin loading. The APM Java agent allows local users to attach plugins, but the functions responsible for loading and executing plugin code (e.g., PluginManager.loadPlugins and AgentClassLoader.defineClass) lack sufficient security checks. This enables privilege escalation by loading untrusted plugins. The patch in version 1.27.1 likely introduced validation for plugin sources and privilege context, which aligns with the mitigation guidance to use the -javaagent-based installation method (which restricts dynamic attachment). The functions are inferred based on the vulnerability's mechanics and common Java agent design patterns.

WAF Protection Rules

WAF Rule

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentiall
