Vulnerability Name: CVE-2021-3642 (CCN-206866)
Assigned: 2021-07-12
Published: 2021-07-12
Updated: 2021-10-20
Summary: A flaw was found in WildFly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final, where ScramServer may be susceptible to a timing attack if enabled. The highest threat from this vulnerability is to confidentiality.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
  4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  2.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
Vulnerability Type: CWE-203
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE; Type: CNA; CVE-2021-3642
  Source: CCN; Type: Red Hat Bugzilla - Bug 1981407; CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
  Source: MISC; Type: Issue Tracking, Vendor Advisory; https://bugzilla.redhat.com/show_bug.cgi?id=1981407
  Source: XF; Type: UNKNOWN; wildfly-cve20213642-info-disc(206866)
  Source: CCN; Type: WildFly Web site; WildFly Elytron is a set of Java APIs and SPIs for application server and client side security.
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: