CVE-2021-3914: 
Java vulnerability analysis and mitigation

The CVE-2021-3914 vulnerability was identified in the smallrye health metrics UI component, where user inputs were not properly sanitized. This security flaw was disclosed on August 25, 2022, and received a CVSS v3 Base Score of 6.1 (Medium severity). The vulnerability affects the smallrye-health component and various Red Hat products including Red Hat build of Quarkus and OpenShift application runtimes 1.0 (AttackerKB, Red Hat Advisory).

The vulnerability is classified as CWE-79 (Cross-site Scripting) with a CVSS v3 Base Score of 6.1. The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring No privileges (PR:N), and User interaction (UI:R). The scope is Changed (S:C), with Low impact on both Confidentiality (C:L) and Integrity (I:L), and No impact on Availability (A:N) (AttackerKB).

The vulnerability could allow attackers to conduct cross-site scripting attacks through the affected component. The impact is primarily focused on confidentiality and integrity aspects, with potential exposure to user data and possible manipulation of web content (Red Hat Bugzilla).

Red Hat has addressed this vulnerability in Red Hat build of Quarkus 2.7.5 through the security advisory RHSA-2022:4623 released on May 18, 2022. Users are advised to update to the patched version to mitigate this security risk (Red Hat Advisory).