Vulnerabilities > Redhat > Single Sign ON > 7.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6134 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. | 5.4 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2021-05-26 | CVE-2020-10695 | Incorrect Privilege Assignment vulnerability in Redhat Single Sign-On An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. | 4.6 |
| 2021-01-12 | CVE-2020-14341 | Covert Timing Channel vulnerability in Redhat Single Sign-On The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. | 4.0 |
| 2020-09-16 | CVE-2020-10748 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. | 4.3 |
| 2019-08-14 | CVE-2019-10201 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. | 5.5 |