7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-37942

GHSA ID

GHSA-5xqm-hc45-f2g2

EPSS Score

0.27392%

CWE

CWE-269

Published

11/22/2023

Updated

11/22/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-37942

CVE-2021-37942: APM Java Agent Local Privilege Escalation issue

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-37942

CVE-2021-37942:

7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-37942

GHSA ID

GHSA-5xqm-hc45-f2g2

EPSS Score

0.27392%

CWE

CWE-269

Published

11/22/2023

Updated

11/22/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
co.elastic.apm:apm-agent-parent	maven	>= 1.18.0, < 1.27.1	1.27.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper privilege management (CWE-269) during plugin loading. The APM Java agent allows local users to attach plugins, but the functions responsible for loading and executing plugin code (e.g., PluginManager.loadPlugins and AgentClassLoader.defineClass) lack sufficient security checks. This enables privilege escalation by loading untrusted plugins. The patch in version 1.27.1 likely introduced validation for plugin sources and privilege context, which aligns with the mitigation guidance to use the -javaagent-based installation method (which restricts dynamic attachment). The functions are inferred based on the vulnerability's mechanics and common Java agent design patterns.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-37942: APM Java Agent Local Privilege Escalation issue

CVE-2021-37942:

7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2021-37942: APM Java Agent Local Privilege Escalation issue

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

7

7

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI