Vulnerabilities > Redhat > Single Sign ON
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-3637 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Keycloak A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | 5.0 |
| 2021-06-01 | CVE-2021-3424 | Unspecified vulnerability in Redhat Single Sign-On 7.4 A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. | 5.0 |
| 2021-05-28 | CVE-2020-27826 | Execution with Unnecessary Privileges vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.9 |
| 2021-05-26 | CVE-2020-10695 | Incorrect Privilege Assignment vulnerability in Redhat Single Sign-On An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. | 4.6 |
| 2021-03-09 | CVE-2021-20262 | Missing Authentication for Critical Function vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. | 4.6 |
| 2021-03-08 | CVE-2020-27838 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in keycloak in versions prior to 13.0.0. | 4.3 |
| 2021-02-11 | CVE-2020-1717 | Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. | 4.0 |
| 2021-02-11 | CVE-2020-10734 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. | 2.1 |
| 2021-01-12 | CVE-2020-14341 | Covert Timing Channel vulnerability in Redhat Single Sign-On The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. | 4.0 |
| 2020-11-02 | CVE-2020-25689 | Memory Leak vulnerability in multiple products A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. | 6.5 |