CVE-2021-3503

Published: Apr 18, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.

Affected (1)

Products: Redhat: Wildfly

Redhat

1 product

Wildfly

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Wildfly	Before 23.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

https://access.redhat.com/security/cve/CVE-2021-3503

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1942693

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://github.com/advisories/GHSA-c4r5-xvgw-2942

Source: secalert@redhat.com

Third Party Advisory

https://github.com/wildfly/wildfly/pull/14136

Source: secalert@redhat.com

PatchThird Party Advisory

https://issues.redhat.com/browse/WFLY-11933

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2021-3503