CVE-2021-3642 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 5.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, high complexity, redhat, quarkus, CWE-203

Summary

A flaw was found in WildFly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final, where ScramServer may be susceptible to a timing attack if enabled. The highest threat from this vulnerability is to confidentiality.

Vulnerable Configurations

Part | Description | Count
Application | Redhat | 227
Application | Quarkus | 150

Common Weakness Enumeration (CWE)