CVE-2021-3644

2022-08-2616:15:09

CWE-200

[email protected]

web.nvd.nist.gov

wildfly-core

unauthorized access

vault expressions

data confidentiality

integrity

CVSS3

3.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

38.6%

JSON

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Affected configurations

Nvd

Node

redhatdescision_managerMatch7.0

redhatwildflyMatch16.0.0-

redhatwildflyMatch17.0.0beta2

VendorProductVersionCPE
redhatdescision_manager7.0cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
redhatwildfly16.0.0cpe:2.3:a:redhat:wildfly:16.0.0:-:*:*:*:*:*:*
redhatwildfly17.0.0cpe:2.3:a:redhat:wildfly:17.0.0:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	descision_manager	7.0	cpe:2.3:a:redhat:descision_manager:7.0:::::::*
redhat	wildfly	16.0.0	cpe:2.3:a:redhat:wildfly:16.0.0:-::::::
redhat	wildfly	17.0.0	cpe:2.3:a:redhat:wildfly:17.0.0:beta2::::::