Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
GE APM 安全漏洞
Vulnerability Description
GE APM是美国通用电气(GE)公司的一款设备监控系统。该系统可以持续性对设备运行状态和故障进行监视。 GE APM Java agent 存在安全漏洞,该漏洞源于发现 APM Java agent 存在本地权限提升问题,系统上的用户可以将恶意文件附加到使用 APM Java 代理运行的应用程序。 使用此向量,恶意或受感染的用户帐户可以使用代理以比他们拥有的权限级别更高的权限运行命令。
CVSS Information
N/A
Vulnerability Type
N/A