Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe

Filtered by product Wildfly Elytron

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-20324	1 Redhat	6 Codeready Studio, Descision Manager, Jboss Enterprise Application Platform and 3 more	2022-04-26	5.8 MEDIUM	5.4 MEDIUM
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.
CVE-2021-3642	2 Quarkus, Redhat	13 Quarkus, Build Of Quarkus, Codeready Studio and 10 more	2021-10-20	3.5 LOW	5.3 MEDIUM
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.