Vulnerabilities > Redhat > Single Sign ON

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5379 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A flaw was found in Undertow.
network
low complexity
redhat CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-04 CVE-2023-2422 Improper Certificate Validation vulnerability in Redhat products
A flaw was found in Keycloak.
network
low complexity
redhat CWE-295
7.1
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-25 CVE-2022-4137 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling.
network
low complexity
redhat CWE-79
6.1
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0
2023-07-07 CVE-2022-4361 Cross-site Scripting vulnerability in Redhat products
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers.
network
low complexity
redhat CWE-79
6.1