Vulnerabilities in Redhat Keycloak 12.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-26 | CVE-2021-3632 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in Keycloak. | 7.5 |
2022-08-26 | CVE-2021-3856 | Path Traversal vulnerability in Redhat Keycloak. ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. | 4.3 |
2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in Keycloak where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
2022-08-22 | CVE-2021-3513 | Information Exposure Through an Error Message vulnerability in Redhat Keycloak. A flaw was found in Keycloak where a brute-force attack is possible even when the permanent lockout feature is enabled. | 7.5 |
2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak. A privilege escalation flaw was found in the token exchange feature of Keycloak. | 9.8 |
2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak. Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
2022-03-25 | CVE-2021-20323 | Cross-site Scripting vulnerability in Redhat Keycloak. A POST-based reflected Cross-Site Scripting vulnerability has been identified in Keycloak. | 6.1 |
2022-01-25 | CVE-2021-4133 | Incorrect Authorization vulnerability in Redhat Keycloak. A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API, even when new user registration is disabled. | 8.8 |
2021-07-09 | CVE-2021-3637 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in keycloak-model-infinispan in Keycloak versions before 14.0.0, where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly, which could lead to a DoS attack. | 7.5 |
2021-05-28 | CVE-2021-20195 | Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak. A flaw was found in Keycloak in versions before 13.0.0. | 9.6 |