{"id":"CVE-2021-3642","details":"A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.","aliases":["GHSA-5499-qjvh-6j7w"],"modified":"2026-04-11T12:36:41.338338Z","published":"2021-08-05T21:15:13.183Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"12.0"}],"cpe":"cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0.0"}],"cpe":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0.0"}],"cpe":"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981407"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/quarkusio/quarkus","events":[{"introduced":"0"},{"last_affected":"92813798228597fb35e97e41ce3d31e320fe947b"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.1.4"}],"cpe":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["2.1.4.Final"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3642.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wildfly-security/wildfly-elytron","events":[{"introduced":"0"},{"fixed":"c81df0bd62298f925f8a2a523434721c36d11a93"},{"introduced":"5097c8b55652bf4af725c1b8e12c3c49fb8e8583"},{"fixed":"250f676d8f72feec29b00a973facc82aa2604e79"},{"introduced":"68b2864c85e353808958ce54eb1b4e9087fb737d"},{"fixed":"ee74e5ad16d7b074676315e57e926b3def6d3366"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.10.14"},{"introduced":"1.11.0"},{"fixed":"1.15.5"},{"introduced":"1.16.0"},{"fixed":"1.16.1"}],"cpe":"cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["1.0.0.Alpha1","1.0.0.Alpha2","1.0.0.Alpha3","1.1.0.Alpha1","1.1.0.Beta1","1.1.0.Beta10","1.1.0.Beta11","1.1.0.Beta12","1.1.0.Beta13","1.1.0.Beta14","1.1.0.Beta15","1.1.0.Beta16","1.1.0.Beta17","1.1.0.Beta18","1.1.0.Beta19","1.1.0.Beta2","1.1.0.Beta20","1.1.0.Beta21","1.1.0.Beta22","1.1.0.Beta23","1.1.0.Beta24","1.1.0.Beta25","1.1.0.Beta26","1.1.0.Beta27","1.1.0.Beta28","1.1.0.Beta29","1.1.0.Beta3","1.1.0.Beta30","1.1.0.Beta31","1.1.0.Beta32","1.1.0.Beta33","1.1.0.Beta34","1.1.0.Beta35","1.1.0.Beta36","1.1.0.Beta37","1.1.0.Beta38","1.1.0.Beta39","1.1.0.Beta4","1.1.0.Beta40","1.1.0.Beta41","1.1.0.Beta42","1.1.0.Beta43","1.1.0.Beta44","1.1.0.Beta45","1.1.0.Beta46","1.1.0.Beta47","1.1.0.Beta48","1.1.0.Beta49","1.1.0.Beta5","1.1.0.Beta50","1.1.0.Beta51","1.1.0.Beta53","1.1.0.Beta54","1.1.0.Beta55","1.1.0.Beta6","1.1.0.Beta7","1.1.0.Beta8","1.1.0.Beta9","1.1.0.CR1","1.1.0.CR2","1.1.0.CR3","1.10.0.CR1","1.10.0.CR2","1.10.0.CR3","1.10.0.CR4","1.10.0.CR5","1.10.0.CR6","1.10.0.Final","1.10.1.Final","1.10.10.Final","1.10.11.Final","1.10.12.Final","1.10.13.Final","1.10.2.Final","1.10.3.Final","1.10.4.Final","1.10.5.Final","1.10.6.Final","1.10.7.Final","1.10.8.Final","1.10.9.Final","1.11.0.Final","1.11.1.Final","1.11.2.Final","1.11.3.Final","1.11.4.Final","1.12.0.CR1","1.12.0.CR2","1.12.0.CR3","1.12.0.Final","1.12.1.Final","1.13.0.CR1","1.13.0.CR2","1.13.0.CR3","1.13.0.CR4","1.13.0.Final","1.13.1.Final","1.13.2.Final","1.14.0.Final","1.14.1.Final","1.14.2.Final","1.15.0.CR1","1.15.0.Final","1.15.1.Final","1.15.2.Final","1.15.3.Final","1.15.4.Final","1.16.0.Final","1.2.0.Beta1","1.2.0.Beta10","1.2.0.Beta11","1.2.0.Beta12","1.2.0.Beta2","1.2.0.Beta3","1.2.0.Beta4","1.2.0.Beta5","1.2.0.Beta6","1.2.0.Beta7","1.2.0.Beta8","1.2.0.Beta9","1.2.0.Final","1.3.0.Final","1.4.0.Final","1.5.0.Final","1.5.1.Final","1.5.2.Final","1.5.3.Final","1.5.4.Final","1.5.5.Final","1.6.0.Final","1.7.0.CR1","1.7.0.CR2","1.7.0.CR3","1.7.0.Final","1.9.0.CR3","1.9.0.CR4","1.9.0.CR5","1.9.0.Final","1.9.1.Final"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3642.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}