Search for vulnerabilities
Vulnerability details: VCID-cevr-hgfk-aaae
Vulnerability ID VCID-cevr-hgfk-aaae
Aliases CVE-2021-3637
GHSA-2vp8-jv5v-6qh6
Summary Allocation of resources without limits or throttling in keycloak-model-infinispan
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3527
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3528
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3529
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3534
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
epss 0.00853 https://api.first.org/data/v1/epss?cve=CVE-2021-3637
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1979638
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2021-3637
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3637
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3637
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3637
1979638 https://bugzilla.redhat.com/show_bug.cgi?id=1979638
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
CVE-2021-3637 https://nvd.nist.gov/vuln/detail/CVE-2021-3637
GHSA-2vp8-jv5v-6qh6 https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
RHSA-2021:3527 https://access.redhat.com/errata/RHSA-2021:3527
RHSA-2021:3528 https://access.redhat.com/errata/RHSA-2021:3528
RHSA-2021:3529 https://access.redhat.com/errata/RHSA-2021:3529
RHSA-2021:3534 https://access.redhat.com/errata/RHSA-2021:3534
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3637
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3637
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3637
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.37749
EPSS Score 0.00087
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.