A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | Issue Tracking Vendor Advisory |
Advertisement
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2021-08-05 14:15
Updated : 2021-10-20 07:36
NVD link : CVE-2021-3642
Mitre link : CVE-2021-3642
JSON object : View
CWE
CWE-203
Observable Discrepancy
Advertisement
Products Affected
redhat
- jboss_enterprise_application_platform_expansion_pack
- wildfly_elytron
- jboss_enterprise_application_platform
- build_of_quarkus
- data_grid
- descision_manager
- jboss_fuse
- openshift_application_runtimes
- process_automation
- integration_camel_k
- integration_camel_quarkus
- codeready_studio
quarkus
- quarkus