Vulnerabilities > Redhat > Keycloak > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-1718 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. | 8.8 |
| 2020-05-08 | CVE-2019-10170 | Unspecified vulnerability in Redhat Keycloak A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. | 7.2 |
| 2020-05-08 | CVE-2019-10169 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. | 7.2 |
| 2019-12-05 | CVE-2019-14910 | Improper Certificate Validation vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | 7.5 |
| 2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1 A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | 7.5 |
| 2018-11-13 | CVE-2018-14657 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. | 8.1 |
| 2018-08-01 | CVE-2016-8609 | Improper Authentication vulnerability in Redhat Keycloak It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. | 8.1 |