CVE-2020-1714

Published: 13/05/2020 Updated: 19/10/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows a malicious user to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Vulnerable Product

redhat keycloak

redhat decision manager 7.0

redhat jboss fuse 7.0.0

redhat openshift application runtimes -

redhat process automation 7.0

redhat single sign-on 7.0

quarkus quarkus

Vendor Advisories

Synopsis: Important: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated ...
Synopsis: Important: Red Hat Process Automation Manager 7.8.1 Security Update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori ...
Synopsis: Important: Red Hat build of Thorntail 2.7.0 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: Red Hat Decision Manager 7.8.1 Security Update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6. Red Hat Product Security has rated th ...
Synopsis: Important: Red Hat build of Quarkus 1.7.5 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: Red Hat Fuse 7.8.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Produc ...
Synopsis: Important: Red Hat Single Sign-On 7.4.1 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. CVE-2020-1714, CVE-2020-10693, CVE-2020-10740, CVE-2020-10758. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...