Vulnerabilities > Redhat > Keycloak > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-10 | CVE-2020-1697 | Cross-site Scripting vulnerability in Redhat Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. | 5.4 |
| 2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. | 4.3 |
| 2020-01-07 | CVE-2019-14837 | Use of Hard-coded Credentials vulnerability in Redhat Keycloak A flaw was found in keycloack before version 8.0.0. | 9.1 |
| 2019-12-05 | CVE-2019-14910 | Improper Certificate Validation vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | 9.8 |
| 2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | 8.3 |
| 2019-10-15 | CVE-2019-14832 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. | 7.5 |