Vulnerabilities > Redhat > Single Sign ON > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-26 | CVE-2021-3754 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. | 5.3 |
| 2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
| 2022-08-05 | CVE-2022-2668 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | 7.2 |
| 2022-04-01 | CVE-2021-3461 | Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | 7.1 |
| 2022-03-11 | CVE-2022-0853 | Memory Leak vulnerability in Redhat products A flaw was found in JBoss-client. | 7.5 |
| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-07-09 | CVE-2021-3637 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | 7.5 |
| 2021-05-26 | CVE-2020-10695 | Unspecified vulnerability in Redhat Single Sign-On An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. | 7.8 |
| 2021-03-09 | CVE-2021-20262 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. low complexity redhat | 6.8 |
| 2021-03-08 | CVE-2020-27838 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak in versions prior to 13.0.0. | 6.5 |