Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2015-6853
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote malicious users to cause a denial of service (daemon crash) or obtain sensitiv...
Broadcom Single Sign-on R12.0j
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R12.52
Broadcom Single Sign-on R12.51
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R6.0
570
VMScore
CVE-2015-6854
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote malicious users to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R6.0
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R12.0j
1 Github repository
436
VMScore
CVE-2020-27826
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an malicious user to change its own NameID attribute to impersonate the admin user for any particular application.
Redhat Keycloak
Redhat Single Sign-on -
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.4
294
VMScore
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
Redhat Keycloak 9.0.13
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.7
356
VMScore
CVE-2017-8040
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, an XXE (XML External Entity) attack exists in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data o...
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
383
VMScore
CVE-2017-8041
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
NA
CVE-2022-3119
The OAuth client Single Sign On WordPress plugin prior to 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated malicious users to update them and change the OAuth endpoints to ones they controls, allowing them to then be authent...
Oauth Client Single Sign On Project Oauth Client Single Sign On
383
VMScore
CVE-2017-8044
In Pivotal Single Sign-On for PCF (1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
490
VMScore
CVE-2019-10201
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could ...
Redhat Keycloak
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.3.3
516
VMScore
CVE-2015-2215
Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
Services Single Sign-on Server Helper Project Services Single Sign-on Server Helper -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »