Vulnerabilities > Redhat > Keycloak > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-05-26 | CVE-2023-1664 | Improper Certificate Validation vulnerability in Redhat products | A flaw was found in Keycloak. | network, low complexity, redhat CWE-295, 6.5 |
| 2023-03-29 | CVE-2022-1274 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak in the execute-actions-email endpoint. | network, low complexity, redhat CWE-79, 5.4 |
| 2023-01-13 | CVE-2023-0105 | Improper Authentication vulnerability in Redhat Keycloak | A flaw was found in Keycloak. | network, low complexity, redhat CWE-287, 6.5 |
| 2022-08-26 | CVE-2022-0225 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak. | network, low complexity, redhat CWE-79, 5.4 |
| 2022-08-26 | CVE-2021-3754 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. | network, low complexity, redhat, 5.3 |
| 2022-08-26 | CVE-2021-3856 | Path Traversal vulnerability in Redhat Keycloak | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. | network, low complexity, redhat CWE-22, 4.3 |
| 2022-08-23 | CVE-2020-35509 | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0 | A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. | network, low complexity, redhat CWE-295, 5.4 |
| 2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | network, high complexity, redhat CWE-287, 6.8 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | network, low complexity, redhat CWE-863, 6.5 |
| 2022-03-25 | CVE-2021-20323 | Cross-site Scripting vulnerability in Redhat Keycloak | A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak. | network, low complexity, redhat CWE-79, 6.1 |