Vulnerabilities > Redhat > Single Sign ON > 7.0

DATE CVE VULNERABILITY TITLE RISK
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
5.0
5.0
2019-06-12 CVE-2019-3873 Cross-site Scripting vulnerability in Redhat products
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML.
network
redhat CWE-79
6.0
6.0
2019-06-12 CVE-2019-3872 Cross-site Scripting vulnerability in Redhat products
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x.
network
redhat CWE-79
3.5
3.5
2017-10-26 CVE-2017-12159 Insufficient Session Expiration vulnerability in multiple products
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session.
network
low complexity
redhat keycloak CWE-613
5.0
5.0
2017-10-26 CVE-2017-12158 Cross-site Scripting vulnerability in multiple products
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. 		3.5
3.5