CVE-2019-14820

Published: 08/01/2020 Updated: 29/10/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

It was found that Keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow a malicious user to access unauthorized information.

Vulnerable Product

redhat keycloak

redhat single sign-on 7.3

redhat jboss enterprise application platform 6.4.0

redhat jboss enterprise application platform 7.2.0

redhat jboss fuse 7.0.0

Vendor Advisories

Synopsis: Low: RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 security update. Type/Severity: Security Advisory: Low. Topic: Red Hat Single Sign-On 7.3.4 adapters are now available for Red Hat JBoss Enterprise Application Platform 6. Red Hat Product Security has rated this update as having a security ...
Synopsis: Low: RH-SSO 7.3.4 adapters for Enterprise Application Platform 7.2 security update. Type/Severity: Security Advisory: Low. Topic: Red Hat Single Sign-On 7.3.4 adapters are now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...