PT-2021-3739 · Unknown · Wildfly-Core

Darran Lofthouse · Published 2021-06-25 · Updated 2024-03-06 · CVE-2021-3644

CVSS v2.0: 3.6 (Low)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
wildfly-core versions prior to the fixed version

Description
The issue stems from a flaw in the access control mechanism of wildfly-core, the core of the WildFly Java application server. When a vault expression is written as a single attribute that contains multiple expressions, a user who has been granted access to the management interface may be able to read a vault expression they are not authorised to access and potentially retrieve the referenced item from the vault. A remote attacker holding such an account could therefore impact the confidentiality and integrity of protected information; the highest threat from this issue is to data confidentiality and integrity.

Recommendations
For wildfly-core versions prior to the fixed version, restrict access to the management interface to trusted users and networks, and review the roles granted to management users together with the vault-expression sensitivity constraint in the management access-control (RBAC) configuration. As a temporary workaround until a patched build is deployed, avoid vault expressions in single attributes that contain multiple expressions. This entry does not record the fixed version; the Red Hat advisories listed under Related Identifiers cover vendor builds that address the issue.
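To find where the workaround above applies, the following audit script (an added example, not code from the wildfly-core project or from this advisory) scans a WildFly-style XML configuration and reports every attribute or element value that holds more than one vault expression. It assumes the standard expression form ${VAULT::block::attribute::sharedKey}; the sample configuration, its element and property names, and the helper names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Standard WildFly vault expression form: ${VAULT::block::attribute::sharedKey}
VAULT_EXPR = re.compile(r"\$\{VAULT::[^}]*\}")

# Constructed sample in the style of standalone.xml (an assumption, not a real
# deployment); the "combined" property is the pattern the workaround targets.
SAMPLE_CONFIG = """\
<server xmlns="urn:jboss:domain:16.0">
  <subsystem xmlns="urn:jboss:domain:datasources:6.0">
    <datasources>
      <datasource jndi-name="java:/ds1" pool-name="ds1">
        <connection-url>jdbc:h2:mem:test</connection-url>
        <security>
          <user-name>${VAULT::ds::user::1}</user-name>
          <password>${VAULT::ds::password::1}</password>
        </security>
      </datasource>
    </datasources>
  </subsystem>
  <system-properties>
    <property name="single" value="${VAULT::props::token::1}"/>
    <property name="combined" value="${VAULT::props::user::1}:${VAULT::props::pass::1}"/>
  </system-properties>
</server>
"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def _label(elem):
    """Element name plus its name attribute, e.g. property[name=combined]."""
    name = elem.get("name")
    return f"{_local(elem.tag)}[name={name}]" if name else _local(elem.tag)


def find_multi_vault(xml_text):
    """Return (location, attribute, count) for every XML attribute or element
    text that carries two or more vault expressions.  Element text is reported
    as attribute "#text" because WildFly maps such elements (e.g. <password>)
    onto a single attribute of the management model."""
    hits = []

    def walk(elem, path):
        here = f"{path}/{_label(elem)}"
        for attr, value in elem.attrib.items():
            n = len(VAULT_EXPR.findall(value))
            if n > 1:
                hits.append((here, attr, n))
        n = len(VAULT_EXPR.findall(elem.text or ""))
        if n > 1:
            hits.append((here, "#text", n))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return hits


def count_vault_expressions(xml_text):
    """Total number of vault expressions in the document, for an inventory."""
    return len(VAULT_EXPR.findall(xml_text))


if __name__ == "__main__":
    print(f"{count_vault_expressions(SAMPLE_CONFIG)} vault expressions found")
    for location, attr, n in find_multi_vault(SAMPLE_CONFIG):
        print(f"REVIEW: {location} @{attr} holds {n} vault expressions")
```

Run it against standalone.xml, domain.xml and host.xml from a stopped server (or a copy of the files). Each reported location is a candidate for the workaround: keep one vault expression per attribute until the patched build is in place, and re-check after any management-interface change, since this is a static review of the persisted configuration only.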

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2021-03992
BIT-WILDFLY-2021-3644
CVE-2021-3644
GHSA-W88M-2936-RMXR
RHSA-2021:3466
RHSA-2021:3467
RHSA-2021:3468
RHSA-2021:3656
RHSA-2021:3658

Affected Products

Wildfly-Core