{"containers": {"cna": {"affected": [{"product": "wildfly-elytron", "vendor": "n/a", "versions": [{"status": "affected", "version": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-30T17:37:38", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3642", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "wildfly-elytron", "version": {"version_data": [{"version_value": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-203"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3642", "datePublished": "2021-08-05T20:48:01", "dateReserved": "2021-07-12T00:00:00", "dateUpdated": "2024-08-03T17:01:07.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CB7C68F-D18A-4F07-8505-4B116A719CE3", "versionEndExcluding": "1.10.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "matchCriteriaId": "B84CCC98-0A89-4B0E-BBBF-D31F274454E8", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "matchCriteriaId": "23DE02D1-460C-4EE2-B7CA-E8FF2BAB928D", "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BAF877F-B8D5-4313-AC5C-26BB82006B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7095200A-4DAC-4433-99E8-86CA88E1E4D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5863BBF-829E-44EF-ACE8-61D5037251F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FC54571-8F52-434F-BE20-96ECFC7195F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "matchCriteriaId": "68DC3D37-B532-4EEC-8D38-2710EBE2F85B", "versionEndIncluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."}, {"lang": "es", "value": "Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si est\u00e1 habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad."}], "id": "CVE-2021-3642", "lastModified": "2024-11-21T06:22:03.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-05T21:15:13.183", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:5154", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package": "wildfly-elytron", "product_name": "EAP 7.3.10 GA", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:3660", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "product_name": "EAP 7.4.1 release", "release_date": "2021-09-23T00:00:00Z"}, {"advisory": "RHSA-2021:3880", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "wildfly-elytron", "product_name": "Red Hat build of Quarkus 2.2.3", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:0520", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "package": "wildfly-elytron", "product_name": "Red Hat Data Grid 8.3.0", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0146", "cpe": "cpe:/a:redhat:jbosseapxp", "package": "wildfly-elytron", "product_name": "Red Hat EAP-XP 2 via EAP 7.3.x base", "release_date": "2022-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:5532", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "wildfly-elytron", "product_name": "Red Hat Fuse 7.11", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2021:4767", "cpe": "cpe:/a:redhat:camel_quarkus:2.2", "impact": "low", "package": "wildfly-elytron", "product_name": "Red Hat Integration Camel Quarkus 1", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5149", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5150", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:5151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:3658", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2021-09-23T00:00:00Z"}, {"advisory": "RHSA-2021:3656", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2021-09-23T00:00:00Z"}, {"advisory": "RHSA-2021:5170", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "package": "wildfly-elytron", "product_name": "Red Hat Single Sign-On 7.4.10", "release_date": "2021-12-15T00:00:00Z"}, {"advisory": "RHSA-2022:1179", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "wildfly-elytron", "product_name": "Red Hat Support for Spring Boot 2.5.10", "release_date": "2022-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:5903", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "package": "wildfly-elytron", "product_name": "RHPAM 7.13.0 async", "release_date": "2022-08-04T00:00:00Z"}], "bugzilla": {"description": "wildfly-elytron: possible timing attack in ScramServer", "id": "1981407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-203", "details": ["A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.", "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."], "name": "CVE-2021-3642", "package_state": [{"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "wildfly-elytron", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Will not fix", "package_name": "wildfly-elytron", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "wildfly-elytron", "product_name": "Red Hat Integration Camel K 1"}], "public_date": "2021-06-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3642\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3642"], "threat_severity": "Moderate"}

{}