Vulnerabilities > Redhat > Single Sign ON

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2020-01-08 CVE-2019-14820 Unspecified vulnerability in Redhat products
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL.
network
low complexity
redhat
4.3
2020-01-07 CVE-2019-14843 Incorrect Authorization vulnerability in Redhat products
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester.
network
low complexity
redhat CWE-863
8.8
2020-01-07 CVE-2019-14837 Use of Hard-coded Credentials vulnerability in Redhat Keycloak
A flaw was found in keycloack before version 8.0.0.
network
low complexity
redhat CWE-798
critical
9.1
2019-11-25 CVE-2019-10174 Unsafe Reflection vulnerability in multiple products
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges.
network
low complexity
infinispan redhat netapp CWE-470
8.8
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-10-14 CVE-2019-14838 Improper Privilege Management vulnerability in Redhat products
A flaw was found in wildfly-core before 7.2.5.GA.
network
low complexity
redhat CWE-269
4.9
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
network
low complexity
redhat netapp CWE-532
critical
9.8
2019-08-14 CVE-2019-10201 Improper Verification of Cryptographic Signature vulnerability in Redhat Keycloak and Single Sign-On
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures.
network
low complexity
redhat CWE-347
8.1
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5