Vulnerabilities > Redhat > Keycloak > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-08 CVE-2019-10169 Unspecified vulnerability in Redhat Keycloak
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy.
network
low complexity
redhat
7.2
2019-12-04 CVE-2019-14909 Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
network
low complexity
redhat CWE-287
8.3
2019-10-15 CVE-2019-14832 Incorrect Authorization vulnerability in Redhat Keycloak
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured.
network
high complexity
redhat CWE-863
7.5
2019-08-14 CVE-2019-10201 Improper Verification of Cryptographic Signature vulnerability in Redhat Keycloak and Single Sign-On
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures.
network
low complexity
redhat CWE-347
8.1
2019-08-14 CVE-2019-10199 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Keycloak
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests.
network
low complexity
redhat CWE-352
8.8
2018-11-30 CVE-2018-14637 Improper Authentication vulnerability in Redhat Keycloak
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions.
network
high complexity
redhat CWE-287
8.1
2018-11-13 CVE-2018-14657 Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final.
network
high complexity
redhat CWE-307
8.1
2018-08-01 CVE-2016-8609 Improper Authentication vulnerability in Redhat Keycloak
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly.
network
low complexity
redhat CWE-287
8.1
2018-07-27 CVE-2017-2646 Infinite Loop vulnerability in Redhat Keycloak
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop.
network
low complexity
redhat CWE-835
7.5
2017-10-26 CVE-2017-12160 Improper Authentication vulnerability in Redhat Keycloak
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation.
network
low complexity
redhat CWE-287
7.2