A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Netapp
  • Oncommand Insight
Oracle
  • Communications Cloud Native Core Console
Quarkus
  • Quarkus
Redhat
  • Amq Broker
  • Camel Quarkus
  • Integration
  • Jboss Enterprise Application Platform
  • Jbosseapxp
  • Openshift Application Runtimes
  • Red Hat Single Sign On
  • Resteasy
  • Rhosemc

Configuration 1 [-]

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
EAP 7.3.10 GA
resteasy-jaxrs cpe:/a:redhat:jboss_enterprise_application_platform:7.3 RHSA-2021:5154 2021-12-15T00:00:00Z
EAP 7.4.2 release
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2021:4679 2021-11-15T00:00:00Z
Red Hat AMQ 7.9.0
resteasy-jaxrs cpe:/a:redhat:amq_broker:7 RHSA-2021:3700 2021-09-30T00:00:00Z
Red Hat build of Quarkus 2.2.3
resteasy-core cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2021:3880 2021-10-20T00:00:00Z
Red Hat EAP-XP 2 via EAP 7.3.x base
resteasy-jaxrs cpe:/a:redhat:jbosseapxp RHSA-2022:0146 2022-01-17T00:00:00Z
Red Hat Integration Camel Quarkus 1
resteasy-core cpe:/a:redhat:camel_quarkus:2.2 RHSA-2021:4767 2021-11-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 RHSA-2021:5149 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 RHSA-2021:5150 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 RHSA-2021:5151 2021-12-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2021:4677 2021-11-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2021:4676 2021-11-15T00:00:00Z
Red Hat Single Sign-On 7.4.10
resteasy-jaxrs cpe:/a:redhat:red_hat_single_sign_on:7 RHSA-2021:5170 2021-12-15T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.5::el7 RHSA-2022:0151 2022-01-17T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.5::el8 RHSA-2022:0152 2022-01-17T00:00:00Z
Red Hat Support for Spring Boot 2.5.10
resteasy-jaxrs cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2022:1179 2022-04-12T00:00:00Z
RHAF Camel-K 1.8
resteasy-core cpe:/a:redhat:integration:1 RHSA-2022:6407 2022-09-09T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso75-openshift-rhel8:7.5-15 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2022:0164 2022-01-18T00:00:00Z
RHINT Service Registry 2.0.2 GA
resteasy-core cpe:/a:redhat:integration:1 RHSA-2021:4100 2021-11-02T00:00:00Z
RHSSO 7.5.1
cpe:/a:redhat:red_hat_single_sign_on:7 RHSA-2022:0155 2022-01-17T00:00:00Z
References
Link Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1935927 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-20289 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00113}

 epss

{'score': 0.00086}

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00084}

 epss

{'score': 0.00113}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-26T16:28:44

Updated: 2024-08-03T17:37:23.769Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20289

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-26T17:15:13.217

Modified: 2024-11-21T05:46:17.387

Link: CVE-2021-20289

cve-icon Redhat

Severity : Low

Publid Date: 2021-03-03T00:00:00Z

Links: CVE-2021-20289 - Bugzilla