APM Java Agent Local Privilege Escalation issue (ESA-2021-28)
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess.
Versions 1.10.0 through 1.26.0
Solutions and Mitigations:
CVSSv3: 7.0 - AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2021-37940