Filtered by vendor Redhat
Subscriptions
Filtered by product Single Sign-on
Subscriptions
Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2023-02-02 | 8.1 High |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | ||||
| CVE-2023-0105 | 1 Redhat | 2 Keycloak, Single Sign-on | 2023-01-23 | 6.5 Medium |
| A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. | ||||
| CVE-2021-3859 | 2 Netapp, Redhat | 6 Cloud Secure Agent, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2022-12-13 | 7.5 High |
| A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | ||||
| CVE-2021-3827 | 1 Redhat | 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more | 2022-11-30 | 6.8 Medium |
| A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3632 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2022-11-23 | 7.5 High |
| A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | ||||
| CVE-2021-3597 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more | 2022-11-10 | 5.9 Medium |
| A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | ||||
| CVE-2021-3717 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2022-11-10 | 7.8 High |
| A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | ||||
| CVE-2019-14885 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2022-11-08 | 4.3 Medium |
| A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | ||||
| CVE-2022-2764 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 6 more | 2022-11-07 | 4.9 Medium |
| A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | ||||
| CVE-2022-1319 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 4 more | 2022-11-07 | 7.5 High |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | ||||
| CVE-2022-1259 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2022-11-07 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2022-2256 | 1 Redhat | 1 Single Sign-on | 2022-10-18 | 3.8 Low |
| A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | ||||
| CVE-2022-0225 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-09-01 | 5.4 Medium |
| A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | ||||
| CVE-2021-3754 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-09-01 | 5.3 Medium |
| A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | ||||
| CVE-2022-0084 | 1 Redhat | 4 Integration Camel K, Integration Camel Quarkus, Single Sign-on and 1 more | 2022-09-01 | 7.5 High |
| A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | ||||
| CVE-2022-2668 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-08-11 | 7.2 High |
| An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | ||||
| CVE-2022-1466 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-05-06 | 6.5 Medium |
| Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. | ||||
| CVE-2021-3424 | 1 Redhat | 1 Single Sign-on | 2022-04-25 | 5.3 Medium |
| A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges. | ||||
| CVE-2021-3461 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-04-13 | 7.1 High |
| A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | ||||
| CVE-2019-14888 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2022-04-01 | 7.5 High |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | ||||