Vulnerabilities > Redhat > Keycloak > 2.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-26 | CVE-2021-3632 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 7.5 |
| 2022-08-26 | CVE-2021-3856 | Path Traversal vulnerability in Redhat Keycloak ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. | 4.3 |
| 2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
| 2022-08-22 | CVE-2021-3513 | Information Exposure Through an Error Message vulnerability in Redhat Keycloak A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. | 7.5 |
| 2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak A privilege escalation flaw was found in the token exchange feature of keycloak. | 9.8 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
| 2022-03-25 | CVE-2021-20323 | Cross-site Scripting vulnerability in Redhat Keycloak A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. | 6.1 |
| 2021-07-09 | CVE-2021-3637 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | 7.5 |
| 2021-05-28 | CVE-2020-27826 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.2 |
| 2021-05-28 | CVE-2021-20195 | Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak A flaw was found in keycloak in versions before 13.0.0. | 9.6 |