CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1981407 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-05 21:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-3642

Mitre link : CVE-2021-3642

CVE.ORG link : CVE-2021-3642


JSON object : View

Products Affected

quarkus

  • quarkus

redhat

  • wildfly_elytron
  • process_automation
  • integration_camel_k
  • codeready_studio
  • jboss_enterprise_application_platform_expansion_pack
  • jboss_enterprise_application_platform
  • jboss_fuse
  • openshift_application_runtimes
  • build_of_quarkus
  • integration_camel_quarkus
  • data_grid
  • descision_manager
CWE
CWE-203

Observable Discrepancy