GCVE - cpe:2.3:a:amazon_web_services:log4j-cve-2021-44228-hotpatch:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:amazon_web_services:log4j-cve-2021-44228-hotpatch:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Amazon Web Services (`5d7652a0-8bca-552e-a074-d3e048bf9da0`)
Product	Log4J Cve 2021 44228 Hotpatch (`67727413-7f2a-5c77-b3a8-2f4d4982b48d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-0070`	vulnerable	2026-06-08 05:39:09.194520	Log4j hot patch package privilege escalation HIGH (8.8) Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. Published: 2022-04-19T22:15:23.412Z Updated: 2024-09-17T04:10:29.989Z Open on db.gcve.eu Reference links https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities https://alas.aws.amazon.com/cve/html/CVE-2022-0070.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3100`	vulnerable	2026-06-08 05:33:50.776672	Log4j hot patch package privilege escalation HIGH (8.8) The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. Published: 2022-04-19T22:15:19.689Z Updated: 2024-09-16T16:48:29.903Z Open on db.gcve.eu Reference links https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html https://alas.aws.amazon.com/ALAS-2021-1554.html https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.