Vulnerabilities > Redhat > Single Sign ON

DATE CVE VULNERABILITY TITLE RISK

2019-11-25 CVE-2019-10174 Unsafe Reflection vulnerability in multiple products
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges.
network | low complexity | infinispan redhat netapp | CWE-470 | 6.5

2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network | low complexity | redhat netapp oracle | CWE-79 | 6.1

2019-10-14 CVE-2019-14838 Improper Privilege Management vulnerability in Redhat products
A flaw was found in wildfly-core before 7.2.5.GA.
network | low complexity | redhat | CWE-269 | 4.0

2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
4.3

2019-08-14 CVE-2019-10201 Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures.
network | low complexity | redhat | CWE-287 | 5.5

2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5

2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5

2019-07-29 CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network | low complexity | fasterxml debian netapp fedoraproject redhat oracle apple | critical | 9.8

2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network | low complexity | redhat netapp | CWE-862 | 5.0

2019-06-12 CVE-2019-3875 Improper Certificate Validation vulnerability in Redhat Keycloak
A vulnerability was found in keycloak before 6.0.2.
network | redhat | CWE-295 | 5.8