CVE-2021-3642
MEDIUM
Wildfly Elytron < 1.10.14 - Timing Attack via ScramServer
Title source: llm
Description
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final, where ScramServer may be susceptible to a timing attack if enabled. The highest threat from this vulnerability is to confidentiality.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1981407
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (14)
org.wildfly.security/wildfly-elytron
0 - 1.10.14 (Maven)
quarkus/quarkus
< 2.1.4
redhat/build_of_quarkus
redhat/codeready_studio
12.0
redhat/data_grid
8.0
redhat/descision_manager
7.0
redhat/integration_camel_k
redhat/integration_camel_quarkus
redhat/jboss_enterprise_application_platform
7.0.0
redhat/jboss_enterprise_application_platform_expansion_pack
... and 4 more
Published
Aug 05, 2021
Tracked Since
Feb 18, 2026