Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2021-3644
HistoryJul 15, 2021 - 1:51 a.m.

CVE-2021-3644

2021-07-1501:51:57
redhat.com
access.redhat.com
79
vulnerability
wildfly-core
unauthorized access
sensitive data

CVSS3

3.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

38.6%

JSON

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Related

prion 1
cvelist 1
osv 3
github 1
cve 1
nvd 1
redhat 11
nessus 5
prion
prion
Design/Logic Flaw
2022-08-26 16:15:00
cvelist
cvelist
CVE-2021-3644
2022-08-26 15:25:40
osv
osv
BIT-wildfly-2021-3644
2024-03-06 11:08:38
CVE-2021-3644
2022-08-26 16:15:09
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
2022-08-27 00:00:45
github
github
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
2022-08-27 00:00:45
cve
cve
CVE-2021-3644
2022-08-26 16:15:09
nvd
nvd
CVE-2021-3644
2022-08-26 16:15:09
redhat
redhat
(RHSA-2021:3516) Important: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base
2021-09-13 17:30:33
(RHSA-2021:3467) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 7
2021-09-08 11:39:02
(RHSA-2021:3468) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8
2021-09-08 11:39:05
nessus
nessus
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 7 (Important) (RHSA-2021:3467)
2022-09-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8 (Important) (RHSA-2021:3468)
2022-09-15 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6 (Important) (RHSA-2021:3466)
2022-09-15 00:00:00

CVSS3

3.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

38.6%

JSON
Related for RH:CVE-2021-3644
prion1cvelist1osv3github1cve1nvd1redhat11nessus5