Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-3644

Severity Low
Score 3.3/10

Summary

A flaw was found in wildfly-core prior to 16.0.1.Final, and 17.0.x prior to 17.0.0.Beta3. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item stored in the vault. The highest threat from this vulnerability is to data confidentiality and integrity.
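One way to check a configuration for the condition the summary describes, as an added example that is not part of the advisory or of wildfly-core: it lists attributes whose single value holds several expressions, at least one of them a vault expression. The `${...}` matching, the `${VAULT::` prefix test, the function names and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: expressions look like ${...}; vault expressions start with ${VAULT::
EXPR = re.compile(r"\$\{[^{}]*\}")
VAULT_PREFIX = "${VAULT::"

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
<server xmlns="urn:example:constructed">
  <datasource jndi-name="java:/ExampleDS">
    <connection-url>jdbc:h2:${jboss.server.data.dir}/db</connection-url>
    <security user-name="${db.user:sa}" password="${VAULT::ds::password::1}"/>
    <property name="token" value="${VAULT::app::token::1}${env.SUFFIX:}"/>
  </datasource>
</server>
"""


def is_at_risk(value):
    """True when one value holds several expressions and at least one is a vault expression."""
    found = EXPR.findall(value)
    return len(found) > 1 and any(e.startswith(VAULT_PREFIX) for e in found)


def audit(xml_text):
    """Return (element, attribute) pairs to review; the values themselves are never returned."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        for name, value in elem.attrib.items():
            if is_at_risk(value):
                hits.append((tag, name))
        if elem.text and is_at_risk(elem.text):
            hits.append((tag, "#text"))
    return hits


if __name__ == "__main__":
    for tag, name in audit(SAMPLE):
        print(f"review: <{tag}> {name} mixes a vault expression with other expressions")
```

Attributes it reports are the ones to prioritise when deciding how urgently to move to a fixed wildfly-core release.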

  • HIGH
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • HIGH
  • LOW
  • NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

Advisory Timeline

  • Published