Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-1697
It was found in all keycloak versions prior to 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly...
Redhat Keycloak
Redhat Single Sign-on 7.3
6.8
CVSSv3
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an malicious user to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability i...
Redhat Keycloak 12.0.0
Redhat Single Sign-on 7.0
7.2
CVSSv3
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
NA
CVE-2012-5352
Java Open Single Sign-On Project Home (JOSSO) allows remote malicious users to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
Josso Java Open Single Sign-on Project Home -
5.4
CVSSv3
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduc...
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
9
CVSSv3
CVE-2019-3873
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
6.1
CVSSv3
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
NA
CVE-2013-6745
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Ibm Security Access Manager For Enterprise Single Sign-on 8.2
7.5
CVSSv3
CVE-2021-3632
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Redhat Single Sign-on 7.0
Redhat Keycloak
Redhat Single Sign-on
6.1
CVSSv3
CVE-2023-52240
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps prior to 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 up to and including 4.14.8 prior to 4.14.9, 5.0.0 up to and including 5.11.4 prior to 5.11.5, and 6.0.0 up to and including ...
Kantega-sso Kantega Saml Sso Oidc Kerberos Single Sign-on
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »