Home > Vulnerability Database > CVE-2021-3644

Mend.io Vulnerability Database

CVE-2021-3644

Good to know:

Date: August 26, 2022

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Language: Java

Severity Score

3.3

Related Resources (9)

Url: https://github.com/wildfly/wildfly-core/pull/4668

Url: https://issues.redhat.com/browse/WFCORE-5511

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1976052

Url: https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b

Url: https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714

Url: https://github.com/wildfly/wildfly-core

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3644

Url: https://access.redhat.com/security/cve/CVE-2021-3644

Url: https://www.mend.io/vulnerability-database/CVE-2021-3644

Severity Score

3.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version org.wildfly.core:wildfly-controller:16.0.1.Final

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3644

Good to know:

Date: August 26, 2022

Language: Java

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?