CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1981407 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

History

20 Oct 2021, 14:36

Type Values Removed Values Added
CPE cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

30 Aug 2021, 18:15

Type Values Removed Values Added
Summary A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final. A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

13 Aug 2021, 17:56

Type Values Removed Values Added
CWE CWE-203
CPE cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1981407 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1981407 - Issue Tracking, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.3

05 Aug 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-05 21:15

Updated : 2021-10-20 14:36


NVD link : CVE-2021-3642

Mitre link : CVE-2021-3642


JSON object : View

Products Affected

redhat

  • integration_camel_quarkus
  • descision_manager
  • integration_camel_k
  • jboss_enterprise_application_platform
  • openshift_application_runtimes
  • codeready_studio
  • data_grid
  • build_of_quarkus
  • jboss_fuse
  • process_automation
  • wildfly_elytron
  • jboss_enterprise_application_platform_expansion_pack

quarkus

  • quarkus
CWE
CWE-203

Observable Discrepancy