
CVE-2018-10894

Published: 01/08/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

Vulnerable Product

redhat keycloak 3.4.3

redhat single_sign-on 7.2

Vendor Advisories

Synopsis: Moderate: Red Hat Single Sign-On 7.2.5 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis: Moderate: Red Hat Single Sign-On 7.2.5 on RHEL 6 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moder ...
Synopsis: Moderate: Red Hat Single Sign-On 7.2.5 on RHEL 7 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moder ...
Synopsis: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security & bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Import ...