A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Quarkus
  • Quarkus
Redhat
  • Build Of Quarkus
  • Camel Quarkus
  • Codeready Studio
  • Data Grid
  • Descision Manager
  • Integration Camel K
  • Integration Camel Quarkus
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Application Platform Expansion Pack
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Openshift Application Runtimes
  • Process Automation
  • Red Hat Single Sign On
  • Wildfly Elytron

Configuration 1 [-]

OR cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
EAP 7.3.10 GA
wildfly-elytron cpe:/a:redhat:jboss_enterprise_application_platform:7.3 RHSA-2021:5154 2021-12-15T00:00:00Z
EAP 7.4.1 release
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2021:3660 2021-09-23T00:00:00Z
Red Hat build of Quarkus 2.2.3
wildfly-elytron cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2021:3880 2021-10-20T00:00:00Z
Red Hat Data Grid 8.3.0
wildfly-elytron cpe:/a:redhat:jboss_data_grid:8 RHSA-2022:0520 2022-02-14T00:00:00Z
Red Hat EAP-XP 2 via EAP 7.3.x base
wildfly-elytron cpe:/a:redhat:jbosseapxp RHSA-2022:0146 2022-01-17T00:00:00Z
Red Hat Fuse 7.11
wildfly-elytron cpe:/a:redhat:jboss_fuse:7 RHSA-2022:5532 2022-07-07T00:00:00Z
Red Hat Integration Camel Quarkus
wildfly-elytron cpe:/a:redhat:camel_quarkus:2.2 RHSA-2021:4767 2021-11-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2021:3658 2021-09-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2021:3656 2021-09-23T00:00:00Z
Red Hat Single Sign-On 7.4.10
wildfly-elytron cpe:/a:redhat:red_hat_single_sign_on:7 RHSA-2021:5170 2021-12-15T00:00:00Z
Red Hat Support for Spring Boot 2.5.10
wildfly-elytron cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2022:1179 2022-04-12T00:00:00Z
RHPAM 7.13.0 async
wildfly-elytron cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 RHSA-2022:5903 2022-08-04T00:00:00Z
References
Link Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1981407 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-3642 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-3642 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-08-05T20:48:01

Updated: 2024-08-03T17:01:07.598Z

Reserved: 2021-07-12T00:00:00

Link: CVE-2021-3642

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-08-05T21:15:13.183

Modified: 2021-10-20T14:36:57.747

Link: CVE-2021-3642

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-06-30T00:00:00Z

Links: CVE-2021-3642 - Bugzilla