CVE-2021-3644

CWE-200 — Information Exposure CWE-416 — Use After Free6 documents5 sources

Severity

3.3LOW

EPSS

0.4%

top 36.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Descision Manager Redhat Wildfly

Timeline

PublishedAug 26

Latest updateMar 4

Description

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 0.7 | Impact: 2.5

Affected Packages4 packages

▶Mavenorg.wildfly.core:wildfly-server17.0.0.Beta2 — 17.0.0.Beta3+1

▶CVEListV5wildfly-coreFixed in 16.0.1.Final, 17.0.0.Final and later.

▶NVDredhat/wildfly16.0.0, 17.0.0+1

▶NVDredhat/descision_manager7.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault↗2022-08-27

▶

OSV

wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault↗2022-08-27

▶

CVEList

CVE-2021-3644: A flaw was found in wildfly-core in all versions↗2022-08-26

▶

📋Vendor Advisories

Red Hat

kernel: hamradio: defer ax25 kfree after unregister_netdev↗2024-03-04

▶

Red Hat

wildfly-core: Invalid Sensitivity Classification of Vault Expression↗2021-07-14

▶