2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-3642" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2021-08-05T21:15:13.183" ,
2024-11-23 15:12:23 +00:00
"lastModified" : "2024-11-21T06:22:03.467" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
} ,
{
"lang" : "es" ,
"value" : "Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si est\u00e1 habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.6 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 3.5 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "NONE" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "LOW" ,
"exploitabilityScore" : 6.8 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "secalert@redhat.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-203"
}
]
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-203"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.10.14" ,
"matchCriteriaId" : "3CB7C68F-D18A-4F07-8505-4B116A719CE3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.11.0" ,
"versionEndExcluding" : "1.15.5" ,
"matchCriteriaId" : "B84CCC98-0A89-4B0E-BBBF-D31F274454E8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.16.0" ,
"versionEndExcluding" : "1.16.1" ,
"matchCriteriaId" : "23DE02D1-460C-4EE2-B7CA-E8FF2BAB928D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1BAF877F-B8D5-4313-AC5C-26BB82006B30"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7095200A-4DAC-4433-99E8-86CA88E1E4D4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D5863BBF-829E-44EF-ACE8-61D5037251F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B87C8AD3-8878-4546-86C2-BF411876648C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5FC54571-8F52-434F-BE20-96ECFC7195F7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "72A54BDA-311C-413B-8E4D-388AD65A170A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A24CBFB-4900-47A5-88D2-A44C929603DC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B40CCE4F-EA2C-453D-BB76-6388767E5C6D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A33441B3-B301-426C-A976-08CE5FE72EFB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20A6B40D-F991-4712-8E30-5FE008505CB7"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.1.4" ,
"matchCriteriaId" : "68DC3D37-B532-4EEC-8D38-2710EBE2F85B"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1981407" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
2024-11-23 15:12:23 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1981407" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
