CVE-2021-3644

low-risk
Published 2022-08-26

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Do I need to act?

-
0.44% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
NETWORK / HIGH complexity

Affected Products (3)

Descision Manager
Wildfly
Wildfly

Affected Vendors

Redhat

References (12)

Vendor Advisory https://access.redhat.com/security/cve/CVE-2021-3644
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1976052
Patch https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784...
Patch https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e...
Patch https://github.com/wildfly/wildfly-core/pull/4668
Patch https://issues.redhat.com/browse/WFCORE-5511
Vendor Advisory https://access.redhat.com/security/cve/CVE-2021-3644
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1976052
Patch https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784...
Patch https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e...
Patch https://github.com/wildfly/wildfly-core/pull/4668
Patch https://issues.redhat.com/browse/WFCORE-5511
23
/ 100
low-risk
Severity 12/34 · Low
Exploitability 2/34 · Minimal
Exposure 9/34 · Low