Vulnerabilities > Redhat > Keycloak > 2.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-1727 | Improper Input Validation vulnerability in Redhat Keycloak A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. | 5.4 |
| 2020-05-15 | CVE-2020-1758 | Improper Certificate Validation vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. | 5.9 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 8.8 |
| 2020-05-12 | CVE-2020-1718 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. | 8.8 |
| 2020-05-11 | CVE-2020-1724 | Insufficient Session Expiration vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 9.0.2. | 4.3 |
| 2020-05-11 | CVE-2020-1698 | Information Exposure Through Log Files vulnerability in Redhat Keycloak A flaw was found in keycloak in versions before 9.0.0. | 5.5 |
| 2020-05-08 | CVE-2019-10170 | Unspecified vulnerability in Redhat Keycloak A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. | 7.2 |
| 2020-05-08 | CVE-2019-10169 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. | 7.2 |
| 2020-04-06 | CVE-2020-1728 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. | 5.4 |
| 2020-03-24 | CVE-2020-1744 | Improper Handling of Exceptional Conditions vulnerability in Redhat Keycloak A flaw was found in keycloak before version 9.0.1. | 5.6 |