Vulnerabilities > Redhat > Single Sign ON > 7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-25 | CVE-2019-10184 | Missing Authorization vulnerability in multiple products. Undertow before version 2.0.23.Final is vulnerable to an information leak issue. | 5.0 |
2019-06-12 | CVE-2019-3873 | Cross-site Scripting vulnerability in Redhat products. It was found that Picketlink as shipped with JBoss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. | 6.0 |
2019-06-12 | CVE-2019-3872 | Cross-site Scripting vulnerability in Redhat products. It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. | 3.5 |
2017-10-26 | CVE-2017-12159 | Insufficient Session Expiration vulnerability in multiple products. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. | 5.0 |
2017-10-26 | CVE-2017-12158 | Cross-site Scripting vulnerability in multiple products. It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. | 3.5 |