Vulnerabilities in Redhat Keycloak 1.9.8

DATE        CVE             RISK (CVSS)

2022-08-26  CVE-2021-3632   7.5
  Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On
  A flaw was found in Keycloak.
  Attack vector: network; attack complexity: high; vendor: redhat; CWE-287

2022-08-26  CVE-2021-3856   4.3
  Path Traversal vulnerability in Redhat Keycloak
  ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-22

2022-08-23  CVE-2021-3827   6.8
  Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On
  A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed.
  Attack vector: network; attack complexity: high; vendor: redhat; CWE-287

2022-08-22  CVE-2021-3513   7.5
  Information Exposure Through an Error Message vulnerability in Redhat Keycloak
  A flaw was found in Keycloak where a brute force attack is possible even when the permanent lockout feature is enabled.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-209

2022-07-08  CVE-2022-1245   9.8 (critical)
  Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak
  A privilege escalation flaw was found in the token exchange feature of Keycloak.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-639

2022-04-26  CVE-2022-1466   6.5
  Incorrect Authorization vulnerability in Redhat Keycloak
  Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-863

2022-03-25  CVE-2021-20323  6.1
  Cross-site Scripting vulnerability in Redhat Keycloak
  A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-79

2021-07-09  CVE-2021-3637   7.5
  Unspecified vulnerability in Redhat Keycloak and Single Sign-On
  A flaw was found in keycloak-model-infinispan in Keycloak versions before 14.0.0, where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly, which could lead to a DoS attack.
  Attack vector: network; attack complexity: low; vendor: redhat

2021-05-28  CVE-2020-27826  4.2
  Unspecified vulnerability in Redhat Keycloak
  A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using the Account REST API.
  Attack vector: network; attack complexity: high; vendor: redhat

2021-05-28  CVE-2021-20195  9.6 (critical)
  Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak
  A flaw was found in Keycloak in versions before 13.0.0.
  Attack vector: network; attack complexity: low; vendor: redhat; CWE-116