Vulnerability in Quarkus
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confident…
EPSS: 0.008 (53.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Quarkus
- Redhat Build_of_quarkus
- Redhat Codeready_studio — versions 12.0
- Redhat Data_grid — versions 8.0
- Redhat Descision_manager — versions 7.0
- Redhat Integration_camel_k
- Redhat Integration_camel_quarkus
- Redhat Jboss_enterprise_application_platform — versions 7.0.0
- Redhat Jboss_enterprise_application_platform_expansion_pack
- Redhat Jboss_fuse — versions 7.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-3642?
- CVE-2021-3642 is a medium-severity vulnerability in Quarkus, classified under Observable Discrepancy. CVSS score: 5.3/10. Published 2021-08-05.
- How severe is CVE-2021-3642?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2021-3642 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.