redhat wildfly-elytron CVE-2021-3642 in Red Hat and Quarkus Products
Published on August 5, 2021

product logo product logo
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

NVD

Weakness Type

What is a Side Channel Attack Vulnerability?

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.

CVE-2021-3642 has been classified to as a Side Channel Attack vulnerability or weakness.


Products Associated with CVE-2021-3642

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3642 are published in these products:

Red Hat Wildfly Elytron
 
Red Hat Build Of Quarkus
 
Red Hat Codeready Studio
 
Red Hat Data Grid
 
Red Hat Descision Manager
 
Red Hat Integration Camel K
 
Red Hat Integration Camel Quarkus
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Jboss Enterprise Application Platform Expansion Pack
 
Red Hat Jboss Fuse
 
Red Hat Openshift Application Runtimes
 
Red Hat Process Automation
 
Quarkus
 

Exploit Probability

EPSS
0.27%
Percentile
49.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.