CVE-2021-3644 - OpenCVE

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Descision Manager Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Fuse Jbosseapxp Red Hat Single Sign On Wildfly

Configuration 1 [-]

OR	cpe:2.3:a:redhat:descision_manager:7.0:::::::*
	cpe:2.3:a:redhat:wildfly:16.0.0:-::::::
	cpe:2.3:a:redhat:wildfly:17.0.0:beta2::::::

Package	CPE	Advisory	Released Date
EAP 7.3.9 release
wildfly-core	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2021:3471	2021-09-08T00:00:00Z
EAP 7.4.1 release
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2021:3660	2021-09-23T00:00:00Z
Red Hat EAP-XP 2.0.0 via EAP 7.3.x base
wildfly-core	cpe:/a:redhat:jbosseapxp	RHSA-2021:3516	2021-09-13T00:00:00Z
Red Hat Fuse 7.11
wildfly-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:5532	2022-07-07T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:3466	2021-09-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:3467	2021-09-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:3468	2021-09-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2021:3658	2021-09-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2021:3656	2021-09-23T00:00:00Z
Red Hat Single Sign-On 7.4.9
wildfly-core	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2021:3534	2021-09-14T00:00:00Z
RHPAM 7.13.0 async
wildfly-core	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13	RHSA-2022:5903	2022-08-04T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2021-3644
https://bugzilla.redhat.com/show_bug.cgi?id=1976052
https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714
https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b
https://github.com/wildfly/wildfly-core/pull/4668
https://issues.redhat.com/browse/WFCORE-5511
https://nvd.nist.gov/vuln/detail/CVE-2021-3644
https://www.cve.org/CVERecord?id=CVE-2021-3644

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-26T15:25:40

Updated: 2024-08-03T17:01:08.319Z

Reserved: 2021-07-14T00:00:00

Link: CVE-2021-3644

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-26T16:15:09.163

Modified: 2022-08-31T20:02:01.757

Link: CVE-2021-3644

Redhat

Severity : Low

Publid Date: 2021-07-14T00:00:00Z

Links: CVE-2021-3644 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object