Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat single sign-on 7.0 vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
Redhat Keycloak 9.0.13
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.7
5.5
CVSSv2
CVE-2019-10201
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could ...
Redhat Keycloak
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.3.3
5
CVSSv2
CVE-2020-10758
A vulnerability was found in Keycloak prior to 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
Redhat Keycloak
Redhat Openshift Application Runtimes -
Redhat Openshift Application Runtimes 1.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
NA
CVE-2022-2256
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged malicious user to execute malicious scripts in the admin console, abusing the default roles functionality.
Redhat Single Sign-on 7.0
5
CVSSv2
CVE-2021-3637
A flaw was found in keycloak-model-infinispan in keycloak versions prior to 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
Redhat Keycloak
Redhat Single Sign-on 7.0
NA
CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged malicious user to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Redhat Keycloak -
Redhat Single Sign-on 7.0
NA
CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
Redhat Keycloak -
Redhat Single Sign-on 7.0
1 Github repository
4.3
CVSSv2
CVE-2020-27838
A flaw was found in keycloak in versions before 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threa...
Redhat Keycloak
Redhat Single Sign-on 7.0
1 Github repository
NA
CVE-2023-6927
A flaw was found in Keycloak. This issue may allow an malicious user to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Redhat Keycloak -
Redhat Single Sign-on 7.0
NA
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »