CVE-2021-3644

2022-08-2616:15:09

CWE-200

redhat

web.nvd.nist.gov

cve-2021-3644

wildfly-core

vulnerability

data confidentiality

integrity

nvd

access control

CVSS3

3.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

AI Score

3.7

Confidence

High

EPSS

0.001

Percentile

38.6%

JSON

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Affected configurations

Nvd

Vulners

Node

redhatdescision_managerMatch7.0

redhatwildflyMatch16.0.0-

redhatwildflyMatch17.0.0beta2

VendorProductVersionCPE
redhatdescision_manager7.0cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
redhatwildfly16.0.0cpe:2.3:a:redhat:wildfly:16.0.0:-:*:*:*:*:*:*
redhatwildfly17.0.0cpe:2.3:a:redhat:wildfly:17.0.0:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	descision_manager	7.0	cpe:2.3:a:redhat:descision_manager:7.0:::::::*
redhat	wildfly	16.0.0	cpe:2.3:a:redhat:wildfly:16.0.0:-::::::
redhat	wildfly	17.0.0	cpe:2.3:a:redhat:wildfly:17.0.0:beta2::::::

CNA Affected

[
  {
    "product": "wildfly-core",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 16.0.1.Final, 17.0.0.Final and later."
      }
    ]
  }
]