CVE-2021-3717

2022-05-2419:15:09

Google

osv.dev

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.6%

JSON

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

CPENameOperatorVersion
wildfly-coreeq3.0.0.Beta31
wildfly-coreeq3.0.0.Alpha14
wildfly-coreeq3.0.0.Alpha7
wildfly-coreeq3.0.0.Alpha16
wildfly-coreeq13.0.0.Final
wildfly-coreeq14.0.0.Beta4
wildfly-coreeq3.0.0.Beta7
wildfly-coreeq7.0.0.CR1
wildfly-coreeq16.0.0.Beta2
wildfly-coreeq2.0.3.Final

Name	Operator	Version
wildfly-core	eq	3.0.0.Beta31
wildfly-core	eq	3.0.0.Alpha14
wildfly-core	eq	3.0.0.Alpha7
wildfly-core	eq	3.0.0.Alpha16
wildfly-core	eq	13.0.0.Final
wildfly-core	eq	14.0.0.Beta4
wildfly-core	eq	3.0.0.Beta7
wildfly-core	eq	7.0.0.CR1
wildfly-core	eq	16.0.0.Beta2
wildfly-core	eq	2.0.3.Final