CVE-2021-20289 - Vulnerability Details

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Oncommand Insight
Oracle	Communications Cloud Native Core Console
Quarkus	Quarkus
Redhat	Amq Broker Camel Quarkus Integration Jboss Enterprise Application Platform Jbosseapxp Openshift Application Runtimes Red Hat Single Sign On Resteasy Rhosemc

Configuration 1 [-]

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
EAP 7.3.10 GA
resteasy-jaxrs	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2021:5154	2021-12-15T00:00:00Z
EAP 7.4.2 release
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2021:4679	2021-11-15T00:00:00Z
Red Hat AMQ 7.9.0
resteasy-jaxrs	cpe:/a:redhat:amq_broker:7	RHSA-2021:3700	2021-09-30T00:00:00Z
Red Hat build of Quarkus 2.2.3
resteasy-core	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2021:3880	2021-10-20T00:00:00Z
Red Hat EAP-XP 2 via EAP 7.3.x base
resteasy-jaxrs	cpe:/a:redhat:jbosseapxp	RHSA-2022:0146	2022-01-17T00:00:00Z
Red Hat Integration Camel Quarkus 1
resteasy-core	cpe:/a:redhat:camel_quarkus:2.2	RHSA-2021:4767	2021-11-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:5149	2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:5150	2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:5151	2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2021:4677	2021-11-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2021:4676	2021-11-15T00:00:00Z
Red Hat Single Sign-On 7.4.10
resteasy-jaxrs	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2021:5170	2021-12-15T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:0151	2022-01-17T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:0152	2022-01-17T00:00:00Z
Red Hat Support for Spring Boot 2.5.10
resteasy-jaxrs	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2022:1179	2022-04-12T00:00:00Z
RHAF Camel-K 1.8
resteasy-core	cpe:/a:redhat:integration:1	RHSA-2022:6407	2022-09-09T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso75-openshift-rhel8:7.5-15	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0164	2022-01-18T00:00:00Z
RHINT Service Registry 2.0.2 GA
resteasy-core	cpe:/a:redhat:integration:1	RHSA-2021:4100	2021-11-02T00:00:00Z
RHSSO 7.5.1
	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0155	2022-01-17T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1935927
https://nvd.nist.gov/vuln/detail/CVE-2021-20289
https://www.cve.org/CVERecord?id=CVE-2021-20289
https://www.oracle.com/security-alerts/cpuapr2022.html

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00113}`	epss `{'score': 0.00086}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00084}`	epss `{'score': 0.00113}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-26T16:28:44

Updated: 2024-08-03T17:37:23.769Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20289

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-26T17:15:13.217

Modified: 2024-11-21T05:46:17.387

Link: CVE-2021-20289

Redhat

Severity : Low

Publid Date: 2021-03-03T00:00:00Z

Links: CVE-2021-20289 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object