Vulnerabilities > Redhat > Single Sign ON > 7.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6134 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. | 5.4 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2021-05-26 | CVE-2020-10695 | Incorrect Privilege Assignment vulnerability in Redhat Single Sign-On An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. | 4.6 |
| 2021-01-12 | CVE-2020-14341 | Covert Timing Channel vulnerability in Redhat Single Sign-On The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. | 4.0 |
| 2020-02-10 | CVE-2020-1697 | Cross-site Scripting vulnerability in Redhat Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. | 5.4 |
| 2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. | 4.0 |
| 2020-01-07 | CVE-2019-14843 | Incorrect Authorization vulnerability in Redhat products A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. | 6.5 |
| 2020-01-07 | CVE-2019-14837 | Use of Hard-coded Credentials vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloack before version 8.0.0. | 6.4 |
| 2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 4.3 |
| 2019-08-13 | CVE-2019-9515 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. | 7.5 |