Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single_sign-on vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to intera...
Redhat Keycloak -
Redhat Single Sign-on 7.6
7.5
CVSSv3
CVE-2021-3632
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Redhat Single Sign-on 7.0
Redhat Keycloak
Redhat Single Sign-on
5.4
CVSSv3
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Single Sign-on
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
6.8
CVSSv3
CVE-2021-3827
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user'...
Redhat Single Sign-on 7.0
Redhat Keycloak
Redhat Single Sign-on 7.5.0
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.9
7.1
CVSSv3
CVE-2023-2422
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data ...
Redhat Keycloak -
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Single Sign-on 7.6
6.1
CVSSv3
CVE-2022-4361
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an malicious user to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redir...
Redhat Keycloak
Redhat Single Sign-on
Redhat Single Sign-on -
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
5.4
CVSSv3
CVE-2023-6134
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an malicious user to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is ...
Redhat Single Sign-on
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
4.9
CVSSv3
CVE-2019-14838
A flaw was found in wildfly-core prior to 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Redhat Wildfly Core 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.2.5
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Single Sign-on 7.3.5
Redhat Data Grid 7.3.4
Redhat Jboss Enterprise Application Platform 7.2.4
1 Github repository
5
CVSSv3
CVE-2023-0264
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session t...
Redhat Keycloak
Redhat Single Sign-on
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
1 Github repository
7.7
CVSSv3
CVE-2023-6563
An unconstrained memory consumption vulnerability exists in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the &quo...
Redhat Keycloak
Redhat Single Sign-on 7.6
Redhat Single Sign-on -
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »