Vulnerabilities > Redhat > Keycloak > 9.0.0

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-10758 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
network
low complexity
redhat CWE-770
7.5
2020-06-22 CVE-2020-1727 Improper Input Validation vulnerability in Redhat Keycloak
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters.
network
low complexity
redhat CWE-20
5.4
2020-05-15 CVE-2020-1758 Improper Certificate Validation vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server.
network
high complexity
redhat CWE-295
5.9
2020-05-13 CVE-2020-1714 Improper Input Validation vulnerability in multiple products
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.
network
low complexity
redhat quarkus CWE-20
8.8
2020-05-11 CVE-2020-1724 Insufficient Session Expiration vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 9.0.2.
network
low complexity
redhat CWE-613
4.3
2020-05-04 CVE-2020-10686 Unspecified vulnerability in Redhat Keycloak 8.0.2/9.0.0
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself.
network
low complexity
redhat
4.7
2020-04-06 CVE-2020-1728 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses.
network
low complexity
redhat quarkus CWE-1021
5.4
2020-03-24 CVE-2020-1744 Improper Handling of Exceptional Conditions vulnerability in Redhat Keycloak
A flaw was found in keycloak before version 9.0.1.
network
high complexity
redhat CWE-755
5.6