CVE-2021-3642

moderate-risk

Published 2021-08-05

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / HIGH complexity

Affected Products (13)

Wildfly Elytron

Build Of Quarkus

Codeready Studio

Data Grid

Descision Manager

Integration Camel K

Integration Camel Quarkus

Jboss Enterprise Application Platform

Jboss Enterprise Application Platform Expansion Pack

Jboss Fuse

Openshift Application Runtimes

Process Automation

Quarkus

Affected Vendors

Redhat Quarkus

References (2)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1981407

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 17/34 · Moderate