CVE-2021-3644

Name: CVE-2021-3644
Creator: NVD / NIST
Published: 2022-08-26T16:15:09.163+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 3.3/10EPSS 0.73%

Last modified Jun 17, 2026

CVE-2021-3644 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. EPSS estimates a 0.73% chance of exploitation in the next 30 days.

Description

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Metrics

CVSS 3.1

3.3/10

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

0.73%

49.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions	Update
Redhat	Descision Manager	7.0	—
Redhat	Wildfly	16.0.0	—
Redhat	Wildfly	17.0.0	Beta2

References

https://access.redhat.com/security/cve/CVE-2021-3644Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1976052Issue Tracking, Vendor Advisory
https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714Patch, Third Party Advisory
https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090bPatch, Third Party Advisory
https://github.com/wildfly/wildfly-core/pull/4668Patch, Third Party Advisory
https://issues.redhat.com/browse/WFCORE-5511Patch, Vendor Advisory
https://access.redhat.com/security/cve/CVE-2021-3644Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1976052Issue Tracking, Vendor Advisory
https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714Patch, Third Party Advisory
https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090bPatch, Third Party Advisory
https://github.com/wildfly/wildfly-core/pull/4668Patch, Third Party Advisory
https://issues.redhat.com/browse/WFCORE-5511Patch, Vendor Advisory

Timeline

Published: Aug 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-3644?

How severe is CVE-2021-3644?

CVE-2021-3644 has a CVSS score of 3.3/10 (LOW severity). The EPSS model estimates a 0.73% probability of exploitation in the next 30 days.

How do I fix CVE-2021-3644?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-3644?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST