Vulnerabilities > Redhat > Single Sign ON > 7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6134 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. | 5.4 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2021-05-26 | CVE-2020-10695 | Unspecified vulnerability in Redhat Single Sign-On An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. | 7.8 |
| 2021-01-12 | CVE-2020-14341 | Unspecified vulnerability in Redhat Single Sign-On The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. | 2.7 |
| 2020-09-16 | CVE-2020-10748 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. | 6.1 |
| 2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 9.8 |
| 2019-06-12 | CVE-2019-10157 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . | 5.5 |
| 2019-03-27 | CVE-2018-10934 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. | 5.4 |
| 2018-11-13 | CVE-2018-14657 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. | 8.1 |
| 2018-11-13 | CVE-2018-14655 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. | 5.4 |