Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2022-3143

Published: 13/01/2023 Updated: 25/01/2023
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Redhat

Vulnerability Summary

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an malicious user to access secure information or impersonate an authed user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat wildfly elytron 1.15.15

redhat jboss enterprise application platform 7.0.0

Vendor Advisories

Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 749 Security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Enterprise Application Platform 74 for ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 749 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 74 Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2022-3143, CVE-2022-41881, CVE-2022-42003, CVE-2022-42004, CVE-2022-45787, CVE-2023-0264, CVE-2023-0482, CVE-2023-2454 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

References

CWE-203https://access.redhat.com/security/cve/CVE-2022-3143https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:0554https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook