Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-20355
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote malicious user to successfully establis...
NA
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an malicious user to forge a SAML response to provision and/or ga...
1 Github repository
1 Article
NA
CVE-2023-25681
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-o...
NA
CVE-2024-21401
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Microsoft Entra Jira Sso Plugin
NA
CVE-2023-6291
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on 7.6
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Applications 7.0
NA
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions prior to 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
Openlibraryfoundation Mod-data-export-spring
NA
CVE-2023-52240
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps prior to 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 up to and including 4.14.8 prior to 4.14.9, 5.0.0 up to and including 5.11.4 prior to 5.11.5, and 6.0.0 up to and including ...
Kantega-sso Kantega Saml Sso Oidc Kerberos Single Sign-on
NA
CVE-2023-4641
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve ...
Shadow-maint Shadow-utils
Redhat Enterprise Linux 8.0
Redhat Codeready Linux Builder 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux For Arm 64 9.0
Redhat Enterprise Linux For Arm 64 8.0
Redhat Codeready Linux Builder For Ibm Z Systems 9.0 S390x
Redhat Codeready Linux Builder For Arm64 9.0 Aarch64
Redhat Enterprise Linux For Power Little Endian 8.0 Ppc64le
Redhat Enterprise Linux For Ibm Z Systems 8.0 S390x
Redhat Codeready Linux Builder For Power Little Endian 9.0 Ppc64le
Redhat Codeready Linux Builder 9.0
Redhat Enterprise Linux For Power Little Endian 9.0 Ppc64le
Redhat Enterprise Linux For Ibm Z Systems 9.0 S390x
Redhat Codeready Linux Builder For Ibm Z Systems 8.0 S390x
Redhat Codeready Linux Builder For Arm64 8.0 Aarch64
Redhat Codeready Linux Builder For Power Little Endian 8.0 Ppc64le
NA
CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or poss...
Redhat Single Sign-on 7.6
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on -
NA
CVE-2023-6927
A flaw was found in Keycloak. This issue may allow an malicious user to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Redhat Keycloak -
Redhat Single Sign-on 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »