Vulnerabilities > CVE-2021-4133 - Incorrect Authorization vulnerability in Redhat Keycloak

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

redhat

CWE-863

NVD

Published: 2022-01-25

Updated: 2022-09-03

Summary

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak 12.0.0 Redhat Keycloak 12.0.1 Redhat Keycloak 12.0.2 Redhat Keycloak 12.0.3 Redhat Keycloak 12.0.4 Redhat Keycloak 13.0.0 Redhat Keycloak 13.0.1 Redhat Keycloak 14.0.0 Redhat Keycloak 15.0.0 Redhat Keycloak 15.0.1 Redhat Keycloak 15.0.2 Redhat Keycloak 15.1.0	12

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References