There was a vulnerability found in wildfly, where incorrect JBOSS_LOCAL_USER challenge location when using elytron configuration may lead to allowing JBOSS_LOCAL_USER access to all the users on that machine.
This issue has been addressed in the following products: EAP 7.4.2 release Via RHSA-2021:4679 https://access.redhat.com/errata/RHSA-2021:4679
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2021:4676 https://access.redhat.com/errata/RHSA-2021:4676
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2021:4677 https://access.redhat.com/errata/RHSA-2021:4677
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3717
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 Via RHSA-2021:5150 https://access.redhat.com/errata/RHSA-2021:5150
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 Via RHSA-2021:5151 https://access.redhat.com/errata/RHSA-2021:5151
This issue has been addressed in the following products: EAP 7.3.10 GA Via RHSA-2021:5154 https://access.redhat.com/errata/RHSA-2021:5154
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 Via RHSA-2021:5149 https://access.redhat.com/errata/RHSA-2021:5149
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.10 Via RHSA-2021:5170 https://access.redhat.com/errata/RHSA-2021:5170
This issue has been addressed in the following products: Red Hat EAP-XP 2 via EAP 7.3.x base Via RHSA-2022:0146 https://access.redhat.com/errata/RHSA-2022:0146
This issue has been addressed in the following products: RHPAM 7.13.0 async Via RHSA-2022:5903 https://access.redhat.com/errata/RHSA-2022:5903
This issue has been addressed in the following products: Red Hat Fuse 7.11.1 Via RHSA-2022:8652 https://access.redhat.com/errata/RHSA-2022:8652
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Via RHSA-2025:1746 https://access.redhat.com/errata/RHSA-2025:1746