
Cloud Vulnerability DB
A community-led vulnerabilities database
A security vulnerability (CVE-2022-3143) was identified in Wildfly-elytron, where the software uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. The vulnerability was discovered and disclosed in 2022, affecting Wildfly-elytron and JBoss Enterprise Application Platform systems (NVD).
The vulnerability stems from the use of java.util.Arrays.equals method in Wildfly-elytron, which is susceptible to timing attacks. The proper secure method recommended is java.security.MessageDigest.isEqual. The vulnerability has been assigned a CVSS v3.1 base score of 7.4 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating a network-accessible vulnerability with high complexity, no privileges required, and potential for high confidentiality and integrity impact (NVD).
The vulnerability allows attackers to potentially access secure information or impersonate authenticated users through timing attack exploitation. This poses significant risks to system security and user authentication integrity (NVD).
The vulnerability has been addressed in updated versions of the affected software. Red Hat has released security updates for JBoss Enterprise Application Platform 7.4.9 that include fixes for this vulnerability. The recommended mitigation is to update to the patched versions of the software (Red Hat Advisory).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."