Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat single sign-on 7.4 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2020-27826
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an malicious user to change its own NameID attribute to impersonate the admin user for any particular application.
Redhat Keycloak
Redhat Single Sign-on -
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.4
3.3
CVSSv2
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
Redhat Keycloak 9.0.13
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.7
5
CVSSv2
CVE-2020-10758
A vulnerability was found in Keycloak prior to 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes 1.0
Redhat Keycloak
Redhat Single Sign-on 7.4
Redhat Openshift Application Runtimes -
5
CVSSv2
CVE-2021-3424
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
Redhat Single Sign-on 7.4
NA
CVE-2021-3859
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an malicious user to carry out denial of service attacks.
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Undertow
Redhat Single Sign-on 7.5.1
Redhat Single Sign-on 7.4.10
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Cloud Secure Agent -
5
CVSSv2
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Redhat Undertow
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes 1.0
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Data Grid -
Redhat Openshift Application Runtimes -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.3
Netapp Active Iq Unified Manager -
1 Github repository
4.6
CVSSv2
CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This ...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly Core
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.3
5.8
CVSSv2
CVE-2020-10687
A flaw exists in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an malicious user to poison a web-cache, ...
Redhat Undertow
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
NA
CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it...
Redhat Undertow
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Single Sign-on 7.6
Redhat Jboss Enterprise Application Platform 7.4
NA
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an malicious user to cause a denial of service. The highest threat from this vulnerability is availability.
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Fuse 1.0
Redhat Undertow
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »