Red Hat Wildfly Elytron 1.2.0 Beta 1

CPE Details

Red Hat Wildfly Elytron 1.2.0 Beta 1
redhat
wildfly_elytron
1.2.0
2020-09-23
13h11 +00:00
2021-04-20
16h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:wildfly_elytron:1.2.0:beta1:*:*:*:*:*:*

Informations

Vendor

redhat

Product

wildfly_elytron

Version

1.2.0

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3642 2021-08-05 18h48 +00:00 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
5.3
Medium
CVE-2020-10714 2020-09-23 10h28 +00:00 A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5
High
CVE-2020-1748 2020-09-16 13h27 +00:00 A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
7.5
High