CVE-2021-3642
Description
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.267
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron 1.10.14 | Windows |
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron 1.15.5 | Windows |
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron 1.16.1 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 2.3 | Windows |
| Multiple Vulnerabilities are affected in Red Hat Data Grid 8 8.0 | Windows |
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron for Linux 1.10.14 | Linux |
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron for Linux 1.15.5 | Linux |
| Vulnerabilities CVE-2021-3642 are fixed in Wildfly--elytron for Linux 1.16.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234