A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2021-08-05 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-3642
Mitre link : CVE-2021-3642
CVE.ORG link : CVE-2021-3642
JSON object : View
Products Affected
redhat
- codeready_studio
- wildfly_elytron
- descision_manager
- jboss_enterprise_application_platform
- build_of_quarkus
- integration_camel_quarkus
- jboss_fuse
- openshift_application_runtimes
- process_automation
- jboss_enterprise_application_platform_expansion_pack
- integration_camel_k
- data_grid
quarkus
- quarkus
CWE
CWE-203
Observable Discrepancy