ByteOS Network

Vulnerability Details :

CVE-2021-3503

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-18 Apr, 2022 | 16:20

Updated At-03 Aug, 2024 | 16:53

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:18 Apr, 2022 | 16:20

Updated At:03 Aug, 2024 | 16:53

▼CVE Numbering Authority (CNA)

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

Affected Products

Vendor

n/a

Product

wildfly

Versions

Affected

Fixed in 23.0.1.Final

Problem Types

Type	CWE ID	Description
CWE	CWE-200	CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Type: CWE

CWE ID: CWE-200

Description: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

References

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1942693	x_refsource_MISC
https://issues.redhat.com/browse/WFLY-11933	x_refsource_MISC
https://github.com/wildfly/wildfly/pull/14136	x_refsource_MISC
https://github.com/advisories/GHSA-c4r5-xvgw-2942	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3503	x_refsource_MISC

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1942693

Resource:

x_refsource_MISC

Hyperlink: https://issues.redhat.com/browse/WFLY-11933

Resource:

x_refsource_MISC

Hyperlink: https://github.com/wildfly/wildfly/pull/14136

Resource:

x_refsource_MISC

Hyperlink: https://github.com/advisories/GHSA-c4r5-xvgw-2942

Resource:

x_refsource_MISC

Hyperlink: https://access.redhat.com/security/cve/CVE-2021-3503

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1942693	x_refsource_MISC x_transferred
https://issues.redhat.com/browse/WFLY-11933	x_refsource_MISC x_transferred
https://github.com/wildfly/wildfly/pull/14136	x_refsource_MISC x_transferred
https://github.com/advisories/GHSA-c4r5-xvgw-2942	x_refsource_MISC x_transferred
https://access.redhat.com/security/cve/CVE-2021-3503	x_refsource_MISC x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1942693

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://issues.redhat.com/browse/WFLY-11933

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/wildfly/wildfly/pull/14136

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/advisories/GHSA-c4r5-xvgw-2942

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://access.redhat.com/security/cve/CVE-2021-3503

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:18 Apr, 2022 | 17:15

Updated At:25 Oct, 2022 | 20:20

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:N

CPE Matches

Red Hat, Inc.

>>wildfly>>Versions before 23.0.1(exclusive)

cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-200	Secondary	secalert@redhat.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary