CVE-2021-20324

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1830206 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly_elytron:-:*:*:*:*:*:*:*

Information

Published : 2022-04-18 05:15

Updated : 2022-04-26 05:40


NVD link : CVE-2021-20324

Mitre link : CVE-2021-20324

Products Affected
No products.
CWE
CWE-384

Session Fixation