CVE-2021-3503

CWE-200 — Information Exposure5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly

Timeline

PublishedApr 18

Latest updateApr 19

Description

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.wildfly:wildfly-metrics< 23.0.1.Final

▶NVDredhat/wildfly< 23.0.1

▶CVEListV5wildflyFixed in 23.0.1.Final

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Metrics exposure in Wildfly↗2022-04-19

▶

GHSA

Metrics exposure in Wildfly↗2022-04-19

▶

CVEList

CVE-2021-3503: A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data↗2022-04-18

▶

📋Vendor Advisories

Red Hat

wildfly: Insufficient RBAC restrictions to metrics data↗2021-04-09

▶