Vulnerabilities > Redhat > Keycloak
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 6.5 |
| 2020-05-12 | CVE-2020-1718 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. | 8.8 |
| 2020-05-11 | CVE-2020-1724 | Insufficient Session Expiration vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 9.0.2. | 4.3 |
| 2020-05-11 | CVE-2020-1698 | Information Exposure Through Log Files vulnerability in Redhat Keycloak A flaw was found in keycloak in versions before 9.0.0. | 5.5 |
| 2020-05-08 | CVE-2019-10170 | Unspecified vulnerability in Redhat Keycloak A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. | 7.2 |
| 2020-05-08 | CVE-2019-10169 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. | 7.2 |
| 2020-05-04 | CVE-2020-10686 | Unspecified vulnerability in Redhat Keycloak 8.0.2/9.0.0 A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. | 4.7 |
| 2020-04-06 | CVE-2020-1728 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. | 5.4 |
| 2020-03-24 | CVE-2020-1744 | Improper Handling of Exceptional Conditions vulnerability in Redhat Keycloak A flaw was found in keycloak before version 9.0.1. | 5.6 |
| 2020-02-10 | CVE-2020-1697 | Cross-site Scripting vulnerability in Redhat Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. | 5.4 |