Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat single sign-on - vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-10912
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of...
Redhat Keycloak
Redhat Single Sign-on 7.2
NA
CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
Redhat Keycloak -
Redhat Single Sign-on 7.0
1 Github repository
312
VMScore
CVE-2020-1697
It was found in all keycloak versions prior to 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly...
Redhat Keycloak
Redhat Single Sign-on 7.3
356
VMScore
CVE-2022-1466
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
Redhat Keycloak
Redhat Single Sign-on 7.5.0
383
VMScore
CVE-2020-10748
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an malicious user to conduct cross-site scripting or further attacks.
Redhat Keycloak 10.0.1
Redhat Single Sign-on
516
VMScore
CVE-2019-3875
A vulnerability was found in keycloak prior to 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The ...
Redhat Single Sign-on 7.3
Redhat Keycloak
NA
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
409
VMScore
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an malicious user to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability i...
Redhat Single Sign-on 7.0
Redhat Keycloak 12.0.0
NA
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
356
VMScore
CVE-2020-1724
A flaw was found in Keycloak in versions prior to 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
Redhat Keycloak
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »