What is CVE-2021-3536 — Cross-Site Scripting (XSS) in WildFly?

CVE-2021-3536 is an XSS vulnerability in WildFly versions up to 9.0.2.Final. It allows attackers to inject malicious scripts when creating roles via the admin console, potentially compromising confidentiality and integrity.

Am I affected by CVE-2021-3536 in WildFly?

You are affected if you are running WildFly versions 9.0.2.Final or earlier. Upgrade to 23.0.2.Final or later to mitigate the risk.

How do I fix CVE-2021-3536 in WildFly?

Upgrade WildFly to version 23.0.2.Final or later. If immediate upgrade isn't possible, restrict admin console access and validate role name inputs.

Is CVE-2021-3536 being actively exploited?

There is currently no evidence of active exploitation campaigns targeting CVE-2021-3536, but proactive patching is still recommended.

Where can I find the official WildFly advisory for CVE-2021-3536?

Refer to the official Red Hat security advisory for CVE-2021-3536: https://access.redhat.com/security/cve/CVE-2021-3536

CVE-2021-3536 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2021-3536 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• java / server:

# Check WildFly version
/opt/wildfly/bin/wildfly.sh status

• java / server:

# Review WildFly logs for suspicious role creation attempts
grep -i 'role name' /opt/wildfly/standalone/log/server.log

Cross-site Scripting em Wildfly

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2021-3536 — Cross-Site Scripting (XSS) in WildFly?

Am I affected by CVE-2021-3536 in WildFly?

How do I fix CVE-2021-3536 in WildFly?

Is CVE-2021-3536 being actively exploited?

Where can I find the official WildFly advisory for CVE-2021-3536?

Seu projeto está afetado?

Detecte esta CVE no seu projeto