Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-27838
A flaw was found in keycloak in versions before 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threa...
Redhat Keycloak
Redhat Single Sign-on 7.0
1 Github repository
5.8
CVSSv2
CVE-2012-5352
Java Open Single Sign-On Project Home (JOSSO) allows remote malicious users to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
Josso Java Open Single Sign-on Project Home -
NA
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
3.5
CVSSv2
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduc...
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
6
CVSSv2
CVE-2019-3873
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
4.6
CVSSv2
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an malicious user to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability i...
Redhat Keycloak 12.0.0
Redhat Single Sign-on 7.0
NA
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
3.5
CVSSv2
CVE-2013-5420
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
Ibm Security Access Manager For Enterprise Single Sign-on 8.2
4.3
CVSSv2
CVE-2013-5421
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote malicious users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Ibm Security Access Manager For Enterprise Single Sign-on 8.2
3.5
CVSSv2
CVE-2013-6745
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Ibm Security Access Manager For Enterprise Single Sign-on 8.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »