Vulnerabilities > Redhat > Keycloak > 9.0.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-1694 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Keycloak A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. | 4.9 |
| 2020-09-16 | CVE-2020-10758 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | 7.5 |
| 2020-05-15 | CVE-2020-1758 | Improper Certificate Validation vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. | 5.9 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 8.8 |
| 2020-04-06 | CVE-2020-1728 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. | 5.4 |