Vulnerability Description
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final: ScramServer, the server side of the SCRAM SASL mechanisms, may be susceptible to a timing attack when that mechanism is enabled. The highest threat from this vulnerability is to confidentiality.
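The advisory does not say which comparison in ScramServer leaks timing, so the following is an added illustration of the generic failure mode behind this class of bug, not Elytron's code or its actual patch. It implements the SCRAM-SHA-256 server-side proof check from RFC 5802/7677 in Python and shows the difference between an early-exit byte comparison, whose running time depends on how many leading bytes of the computed StoredKey match the real one, and a constant-time comparison (`hmac.compare_digest`). The password, salt, iteration count and AuthMessage are constructed sample values; `leaky_equal` is instrumented to return the number of bytes it examined so the leak is visible without timing measurements.

```python
"""SCRAM-SHA-256 server-side proof check: early-exit vs constant-time compare.

Added example for CVE-2021-3642; not code from Wildfly Elytron.
"""
import hashlib
import hmac

# Constructed sample credentials and exchange (hypothetical, not from the advisory).
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
ITERATIONS = 4096
# AuthMessage = client-first-bare "," server-first "," client-final-without-proof
AUTH_MESSAGE = (
    b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
    b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=AQIDBAUGBwgJCgsMDQ4PEA==,i=4096,"
    b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
)


def derive_keys(password: str, salt: bytes, iterations: int):
    """SaltedPassword = Hi(password, salt, i); ClientKey = HMAC(SaltedPassword, "Client Key");
    StoredKey = H(ClientKey). The server only needs to persist StoredKey."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    return client_key, stored_key


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def make_client_proof(client_key: bytes, stored_key: bytes, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage), as the client sends it."""
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return xor(client_key, client_sig)


def leaky_equal(a: bytes, b: bytes):
    """Early-exit comparison (the vulnerable pattern).

    Returns (equal, bytes_examined). Because it stops at the first mismatch, its
    running time grows with the length of the matching prefix, which an attacker
    who can measure response times can use as an oracle."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Fixed pattern: compare every byte regardless of where a mismatch occurs."""
    return hmac.compare_digest(a, b)


def _recompute_stored_key(stored_key: bytes, auth_message: bytes, client_proof: bytes) -> bytes:
    """Server side: ClientKey' = ClientProof XOR ClientSignature; candidate = H(ClientKey')."""
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = xor(client_proof, client_sig)
    return hashlib.sha256(recovered_client_key).digest()


def server_check_leaky(stored_key: bytes, auth_message: bytes, client_proof: bytes):
    """Vulnerable verifier: returns (accepted, bytes_examined)."""
    return leaky_equal(_recompute_stored_key(stored_key, auth_message, client_proof), stored_key)


def server_check_constant_time(stored_key: bytes, auth_message: bytes, client_proof: bytes) -> bool:
    """Hardened verifier: accept/reject without a data-dependent early exit."""
    return constant_time_equal(_recompute_stored_key(stored_key, auth_message, client_proof), stored_key)


if __name__ == "__main__":
    client_key, stored_key = derive_keys(PASSWORD, SALT, ITERATIONS)
    proof = make_client_proof(client_key, stored_key, AUTH_MESSAGE)
    bad_proof = bytes([proof[0] ^ 0x01]) + proof[1:]
    print("leaky, valid proof:  ", server_check_leaky(stored_key, AUTH_MESSAGE, proof))
    print("leaky, bad proof:    ", server_check_leaky(stored_key, AUTH_MESSAGE, bad_proof))
    print("constant-time, valid:", server_check_constant_time(stored_key, AUTH_MESSAGE, proof))
    print("constant-time, bad:  ", server_check_constant_time(stored_key, AUTH_MESSAGE, bad_proof))
    # The oracle itself, on plain byte strings: more matching prefix, more work done.
    print(leaky_equal(b"abcd", b"zbcd"), leaky_equal(b"abcd", b"abzz"))
```

Note that in SCRAM the compared value is a hash of something the attacker only partly controls (they choose the proof but do not know ClientSignature), so the oracle is weaker than in a raw MAC comparison; the mitigation is nevertheless the same, a comparison whose running time does not depend on the position of the first differing byte.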
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Wildfly Elytron | < 1.10.14.Final; 1.15.x < 1.15.5.Final; 1.16.x < 1.16.1.Final |
| Redhat | Build Of Quarkus | - |
| Redhat | Codeready Studio | 12.0 |
| Redhat | Data Grid | 8.0 |
| Redhat | Decision Manager | 7.0 |
| Redhat | Integration Camel K | - |
| Redhat | Integration Camel Quarkus | All versions |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
| Redhat | Jboss Enterprise Application Platform Expansion Pack | - |
| Redhat | Jboss Fuse | 7.0.0 |
| Redhat | Openshift Application Runtimes | - |
| Redhat | Process Automation | 7.0 |
| Quarkus | Quarkus | <= 2.1.4 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1981407 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2021-3642?
CVE-2021-3642 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to a timing attack if enabled. The highest threat from this vulnerability is to confidentiality.
How severe is CVE-2021-3642?
CVE-2021-3642 has been rated MEDIUM with a CVSS base score of 5.3/10. The impact is to confidentiality only; no integrity or availability impact is described.
Is there a patch for CVE-2021-3642?
Yes. The fixed releases are Wildfly Elytron 1.10.14.Final, 1.15.5.Final and 1.16.1.Final; check the references section above for the Red Hat advisory and patch information for the downstream products. Affected products include: Redhat Wildfly Elytron, Redhat Build Of Quarkus, Redhat Codeready Studio, Redhat Data Grid, Redhat Decision Manager.