Vulnerabilities > Redhat > Single Sign ON > 7.4.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6134 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. | 5.4 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2022-08-26 | CVE-2021-3632 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 7.5 |
| 2021-05-28 | CVE-2020-27826 | Execution with Unnecessary Privileges vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.9 |