CVE-2021-3642
CVE-2021-3642 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Wildfly Elytron | < 1.10.14 |
| Redhat | Wildfly Elytron | >= 1.11.0, < 1.15.5 |
| Redhat | Wildfly Elytron | >= 1.16.0, < 1.16.1 |
| Redhat | Build Of Quarkus | All versions |
| Redhat | Codeready Studio | 12.0 |
| Redhat | Data Grid | 8.0 |
| Redhat | Decision Manager | 7.0 |
| Redhat | Integration Camel K | All versions |
| Redhat | Integration Camel Quarkus | All versions |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
| Redhat | Jboss Enterprise Application Platform Expansion Pack | All versions |
| Redhat | Jboss Fuse | 7.0.0 |
| Redhat | Openshift Application Runtimes | All versions |
| Redhat | Process Automation | 7.0 |
| Quarkus | Quarkus | <= 2.1.4 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1981407 (Issue Tracking, Vendor Advisory)
Source: NVD / NIST
