Vulnerability details: VCID-v8th-h1mg-aaae
Vulnerability ID VCID-v8th-h1mg-aaae
Aliases CVE-2021-3536
GHSA-v2wx-jj66-2hp7
Summary Cross-site Scripting in Wildfly
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2692
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2693
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2694
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2696
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2755
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2965
rhas Important https://access.redhat.com/errata/RHSA-2021:3656
rhas Important https://access.redhat.com/errata/RHSA-2021:3658
rhas Important https://access.redhat.com/errata/RHSA-2021:3660
rhas Critical https://access.redhat.com/errata/RHSA-2021:5134
cvssv3 3.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3536.json
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2021-3536
epss 0.00284 https://api.first.org/data/v1/epss?cve=CVE-2021-3536
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-3536
epss 0.00473 https://api.first.org/data/v1/epss?cve=CVE-2021-3536
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1948001
cvssv3.1_qr LOW https://github.com/advisories/GHSA-v2wx-jj66-2hp7
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3536
cvssv3 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3536
cvssv3.1 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3536
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3536.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3536
1948001 https://bugzilla.redhat.com/show_bug.cgi?id=1948001
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*
CVE-2021-3536 https://nvd.nist.gov/vuln/detail/CVE-2021-3536
GHSA-v2wx-jj66-2hp7 https://github.com/advisories/GHSA-v2wx-jj66-2hp7
RHSA-2021:2692 https://access.redhat.com/errata/RHSA-2021:2692
RHSA-2021:2693 https://access.redhat.com/errata/RHSA-2021:2693
RHSA-2021:2694 https://access.redhat.com/errata/RHSA-2021:2694
RHSA-2021:2696 https://access.redhat.com/errata/RHSA-2021:2696
RHSA-2021:2755 https://access.redhat.com/errata/RHSA-2021:2755
RHSA-2021:2965 https://access.redhat.com/errata/RHSA-2021:2965
RHSA-2021:3656 https://access.redhat.com/errata/RHSA-2021:3656
RHSA-2021:3658 https://access.redhat.com/errata/RHSA-2021:3658
RHSA-2021:3660 https://access.redhat.com/errata/RHSA-2021:3660
RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3536.json

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3536

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3536

Exploit Prediction Scoring System (EPSS)
Percentile 0.23916
EPSS Score 0.00054
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.