Vulnerabilities: Red Hat Single Sign-On 7.0

DATE        CVE             TITLE
            Description
            Attack vector | Access complexity (where listed) | Vendor(s) | CWE | Score

2021-05-26  CVE-2020-10695  Incorrect Privilege Assignment vulnerability in Redhat Single Sign-On
            An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container.
            Attack vector: local | Complexity: low | Vendor: redhat | CWE-266 | Score: 4.6
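A check for the condition in this entry, added here as an example and not code from Red Hat or the redhat-sso-7 image: audit the owner and mode bits of the account files in a container (run it inside the container, or point it at an extracted root filesystem). The permission policy in MAX_MODE and the temporary /etc look-alike built by demo() are constructed for the example; a real audit calls audit_etc("/etc", expected_uid=0).

```python
import os
import stat
import tempfile

# Constructed policy for this example: the most permissive mode each account
# file may carry. passwd/group stay world-readable but owner-writable only;
# shadow must never be readable by "other".
MAX_MODE = {"passwd": 0o644, "group": 0o644, "shadow": 0o640}


def audit_file(path, max_mode, expected_uid=0):
    """Return the list of findings for one file; an empty list means it is fine."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink"]
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~max_mode          # bits set that the policy does not allow
    if extra & (stat.S_IWGRP | stat.S_IWOTH):
        # the redhat-sso-7 case: any process in the container can rewrite passwd
        findings.append(f"writable by group/other (mode {mode:04o})")
    if extra & ~(stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:04o} exceeds allowed {max_mode:04o}")
    return findings


def audit_etc(etc_dir="/etc", expected_uid=0):
    """Audit every file named in MAX_MODE under etc_dir; a missing file is a finding too."""
    report = {}
    for name, max_mode in MAX_MODE.items():
        path = os.path.join(etc_dir, name)
        if os.path.lexists(path):
            report[name] = audit_file(path, max_mode, expected_uid)
        else:
            report[name] = ["missing"]
    return report


def demo():
    """Constructed fixture: an /etc look-alike whose passwd file is world-writable."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("passwd", 0o666), ("group", 0o644), ("shadow", 0o640)):
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write(f"# constructed {name} for the example\n")
            os.chmod(path, mode)
        # the fixture is owned by whoever runs this, so expect that uid rather than 0
        return audit_etc(d, expected_uid=os.getuid())


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

The symlink refusal matters as much as the mode check: an image in which /etc/passwd is a link into a writable directory fails the audit even if the link target's bits look right.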
2021-03-09  CVE-2021-20262  Missing Authentication for Critical Function vulnerability in Redhat Keycloak and Single Sign-On
            A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password.
            Attack vector: local | Complexity: low | Vendor: redhat | CWE-306 | Score: 4.6

2021-03-08  CVE-2020-27838  Improper Authentication vulnerability in Redhat Keycloak
            A flaw was found in keycloak in versions prior to 13.0.0.
            Attack vector: network | Vendor: redhat | CWE-287 | Score: 4.3

2021-02-11  CVE-2020-1717   Information Exposure Through an Error Message vulnerability in Redhat products
            A flaw was found in Keycloak 7.0.1.
            Attack vector: network | Complexity: low | Vendor: redhat | CWE-209 | Score: 4.0

2021-02-11  CVE-2020-10734  Cross-Site Request Forgery (CSRF) vulnerability in Redhat products
            A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.
            Attack vector: local | Complexity: low | Vendor: redhat | CWE-352 | Score: 2.1
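Two entries above describe the same class of mistake on account endpoints: CVE-2021-20262 (a password update that does not demand a fresh credential check) and CVE-2020-10734 (a logout endpoint that any third-party page can trigger). The sketch below is an added example, not Keycloak's code or its fix, of what such endpoints should demand before acting: a CSRF token bound to the session, and for the password change a last-authentication time no older than a limit. Session, Denied, PASSWORD_CHANGE_MAX_AUTH_AGE and the endpoint functions are all assumed names for the example; the auth_time/max_age idea is the one OpenID Connect uses.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field


class Denied(Exception):
    """A sensitive request was refused; the message names the failed check."""


@dataclass
class Session:
    user: str
    auth_time: float                      # when credentials were last actually verified
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    password: str = "initial"             # stand-in for a stored password hash
    active: bool = True


# Constructed policy: a password change needs a credential check no older than
# this many seconds (the same idea as OIDC's auth_time / max_age).
PASSWORD_CHANGE_MAX_AUTH_AGE = 300


def require_csrf_token(session, submitted):
    """The token must come from a page this session rendered; compare in constant time."""
    if not submitted or not hmac.compare_digest(session.csrf_token.encode(), submitted.encode()):
        raise Denied("missing or invalid CSRF token")


def require_recent_auth(session, max_age, now=None):
    now = time.time() if now is None else now
    if now - session.auth_time > max_age:
        raise Denied("reauthentication required")


def reauthenticate(session, credentials_ok, now=None):
    """Only a real credential check moves auth_time forward; rotate the token as well."""
    if not credentials_ok:
        raise Denied("bad credentials")
    session.auth_time = time.time() if now is None else now
    session.csrf_token = secrets.token_urlsafe(32)


def update_password(session, new_password, csrf_token, now=None):
    """Password endpoint: proof the user sent it, and proof the login is fresh."""
    require_csrf_token(session, csrf_token)
    require_recent_auth(session, PASSWORD_CHANGE_MAX_AUTH_AGE, now)
    session.password = new_password
    return True


def logout(session, method, csrf_token=None):
    """Logout endpoint: a bare GET (an <img> or link on any site) must not end the
    session; only a POST carrying this session's token does."""
    if method != "POST":
        raise Denied("logout must be a POST")
    require_csrf_token(session, csrf_token)
    session.active = False
    return True


def demo():
    """Run both endpoints through the cases that matter; returns label -> outcome."""
    out = {}

    def attempt(label, fn, *args, **kw):
        try:
            fn(*args, **kw)
            out[label] = "allowed"
        except Denied as e:
            out[label] = str(e)

    s = Session(user="alice", auth_time=1000.0)
    attempt("change with fresh login", update_password, s, "n1", s.csrf_token, now=1100.0)
    attempt("change with stale login", update_password, s, "n2", s.csrf_token, now=2000.0)
    attempt("change with forged token", update_password, s, "n3", "guess", now=1100.0)
    reauthenticate(s, credentials_ok=True, now=2000.0)
    attempt("change after reauth", update_password, s, "n4", s.csrf_token, now=2010.0)
    attempt("logout via GET", logout, s, "GET")
    attempt("logout POST without token", logout, s, "POST")
    attempt("logout POST with token", logout, s, "POST", s.csrf_token)
    return out


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The order of checks is deliberate: the CSRF check runs before the freshness check, so a forged request learns nothing about how recently the victim logged in.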
2021-01-12  CVE-2020-14341  Covert Timing Channel vulnerability in Redhat Single Sign-On
            The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation.
            Attack vector: network | Complexity: low | Vendor: redhat | CWE-385 | Score: 4.0
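The practical point of this entry is egress control: a feature that opens a TCP connection to an admin-supplied host and port is a server-side request forgery primitive unless the destination is constrained, and the hosts worth protecting (loopback services, internal ranges, the cloud metadata address) are exactly the ones an "attempt a connection and report the outcome" feature reveals. The validator below is an added example, not Red Hat's code or fix. ALLOWED_SMTP_PORTS, the hostname allowlist option and the FAKE_DNS table are assumptions constructed for the example so it runs offline; system_resolver is the one to use in practice.

```python
import ipaddress
import socket

# Assumed policy for this example: the only ports a server-side SMTP "test connection" may dial.
ALLOWED_SMTP_PORTS = {25, 465, 587}

# Constructed DNS records so the example runs offline; the real resolver is below.
FAKE_DNS = {
    "relay.example":    [ipaddress.ip_address("8.8.8.8")],
    "metadata.example": [ipaddress.ip_address("169.254.169.254")],
    "split.example":    [ipaddress.ip_address("8.8.8.8"), ipaddress.ip_address("10.0.0.5")],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    return FAKE_DNS[host]


def system_resolver(host):
    """Every address the name maps to, A and AAAA; strip any IPv6 scope id."""
    return [ipaddress.ip_address(info[4][0].split("%")[0])
            for info in socket.getaddrinfo(host, None)]


def blocked_reason(addr):
    """Why the server must not dial this address, or None if it may."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return blocked_reason(addr.ipv4_mapped)        # ::ffff:10.0.0.1 style bypass
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local (cloud metadata endpoints live here)"
    if addr.is_private:
        return "private range"
    if not addr.is_global:
        return "not globally routable"
    return None


def validate_smtp_target(host, port, resolver=system_resolver, allowlist=None):
    """Return (ok, detail). Every address a name resolves to must pass, so a name
    with one public and one internal record is rejected. When an operator allowlist
    of relay hostnames is given it is enforced first; for a feature that only ever
    needs the organisation's own relay, that is the right control."""
    if port not in ALLOWED_SMTP_PORTS:
        return False, f"port {port} is not an SMTP port"
    if allowlist is not None and host.lower() not in allowlist:
        return False, f"{host} is not an approved relay"
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as e:               # socket.gaierror is an OSError
            return False, f"cannot resolve {host}: {e}"
    if not addrs:
        return False, f"{host} resolved to no addresses"
    for addr in addrs:
        why = blocked_reason(addr)
        if why:
            return False, f"{host} -> {addr} is {why}"
    return True, f"{host} -> {', '.join(map(str, addrs))} port {port}"


if __name__ == "__main__":
    for host, port in (("relay.example", 587), ("metadata.example", 25),
                       ("split.example", 25), ("::ffff:10.1.2.3", 25), ("8.8.8.8", 22)):
        print(host, port, validate_smtp_target(host, port, resolver=fake_resolver))
```

One caveat the validator cannot solve on its own: it resolves the name once, and a connect by name resolves it again (DNS rebinding). Connect to the address that passed validation, not to the hostname, and report only "succeeded/failed" for the probe rather than the raw connection error, since the error text itself is what turns a probe into a port scanner.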
2020-11-02  CVE-2020-25689  Memory Leak vulnerability in multiple products
            A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections which are not properly closed while it is unable to connect to the domain-controller.
            Attack vector: network | Complexity: low | Vendors: redhat, netapp | CWE-401 | Score: 6.5

2020-10-16  CVE-2020-14299  Improper Authentication vulnerability in Redhat products
            A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.
            Attack vector: network | Vendor: redhat | CWE-287 | Score: 6.3

2020-10-06  CVE-2020-25644  Memory Leak vulnerability in multiple products
            A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.
            Attack vector: network | Complexity: low | Vendors: redhat, netapp | CWE-401 | Score: 7.5

2020-09-16  CVE-2020-10758  Allocation of Resources Without Limits or Throttling vulnerability in Redhat Keycloak
            A vulnerability was found in Keycloak before 11.0.1 where a DoS attack is possible by sending twenty requests simultaneously to the specified Keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
            Attack vector: network | Complexity: low | Vendor: redhat | CWE-770 | Score: 5.0
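The mechanism in the last entry is general: a server that trusts Content-Length blocks a worker waiting for bytes the client never sends, so a handful of idle connections can hold every worker. The toy server below is an added example (not Keycloak, Undertow, or the vendor's fix) that reproduces the condition on localhost and shows the bound that matters, a read timeout on the request body: with one, stalled requests are answered with 408 and the worker is freed; without one, an honest request queued behind them never gets served. Server, handle, stalled_request, honest_request and scenario are names made up for the example; the twenty requests in the listing depend on the target's pool size, so the example uses two workers and four stalled connections to finish quickly.

```python
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def parse_head(head):
    """Request head bytes -> (request line, {lowercase header name: value})."""
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def handle(conn, body_timeout):
    """Serve one request. body_timeout=None is the unbounded wait the flaw relies on."""
    conn.settimeout(body_timeout)
    try:
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = conn.recv(4096)
            if not chunk:
                return
            buf += chunk
        head, body = buf.split(b"\r\n\r\n", 1)
        _, headers = parse_head(head)
        want = int(headers.get("content-length", "0"))
        # The server trusts Content-Length and waits for bytes that never arrive;
        # only the socket timeout bounds how long this worker stays occupied.
        while len(body) < want:
            chunk = conn.recv(want - len(body))
            if not chunk:
                return
            body += chunk
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
    except socket.timeout:
        try:
            conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
        except OSError:
            pass
    except OSError:
        pass
    finally:
        conn.close()


class Server:
    """Tiny threaded HTTP server on 127.0.0.1 with a fixed-size worker pool."""
    def __init__(self, workers, body_timeout):
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(64)
        self.port = self.sock.getsockname()[1]
        self.pool = ThreadPoolExecutor(max_workers=workers)
        self.body_timeout = body_timeout
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:
                return
            self.pool.submit(handle, conn, self.body_timeout)

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept()
        except OSError:
            pass
        self.sock.close()
        self.pool.shutdown(wait=False)


def stalled_request(port, declared=100, sent=b"x" * 10):
    """Send a POST whose Content-Length overstates the body, then go quiet."""
    s = socket.create_connection(("127.0.0.1", port))
    s.sendall(b"POST /auth HTTP/1.1\r\nHost: localhost\r\nContent-Length: %d\r\n\r\n" % declared + sent)
    return s


def honest_request(port, wait):
    """A complete request; returns its status line, or None if not served within wait seconds."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=wait) as s:
            s.sendall(b"GET /health HTTP/1.1\r\nHost: localhost\r\n\r\n")
            return s.recv(1024).split(b"\r\n", 1)[0].decode()
    except OSError:                      # socket.timeout is an OSError
        return None


def scenario(body_timeout, workers=2, stalled=4, wait=3.0):
    """Occupy every worker with stalled requests, then see whether an honest
    request queued behind them is answered within `wait` seconds."""
    srv = Server(workers, body_timeout)
    stuck = [stalled_request(srv.port) for _ in range(stalled)]
    time.sleep(0.2)                      # let the workers pick the stalled ones up
    try:
        return honest_request(srv.port, wait)
    finally:
        for s in stuck:
            s.close()                    # frees the blocked workers in the no-timeout case
        srv.close()
```

scenario(body_timeout=0.2) returns the 200 status line; scenario(body_timeout=None, wait=1.5) returns None. A single stalled_request against a server you operate is also a quick way to learn whether it bounds the body wait at all: a 408 or a closed connection after a few seconds means it does, silence means it does not.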