CVE-2021-3642

{"id": "CVE-2021-3642", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2021-08-05T21:15:13.183", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."}, {"lang": "es", "value": "Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si est\u00e1 habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad."}], "lastModified": "2024-11-21T06:22:03.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CB7C68F-D18A-4F07-8505-4B116A719CE3", "versionEndExcluding": "1.10.14"}, {"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B84CCC98-0A89-4B0E-BBBF-D31F274454E8", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.11.0"}, {"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DE02D1-460C-4EE2-B7CA-E8FF2BAB928D", "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.16.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37"}, {"criteria": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BAF877F-B8D5-4313-AC5C-26BB82006B30"}, {"criteria": "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7095200A-4DAC-4433-99E8-86CA88E1E4D4"}, {"criteria": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5863BBF-829E-44EF-ACE8-61D5037251F6"}, {"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C"}, {"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC54571-8F52-434F-BE20-96ECFC7195F7"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D"}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB"}, {"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68DC3D37-B532-4EEC-8D38-2710EBE2F85B", "versionEndIncluding": "2.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}