Vulnerabilities > Redhat > Single Sign ON > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8
2020-03-16 CVE-2019-14887 Unspecified vulnerability in Redhat products
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored.
network
low complexity
redhat
critical
9.1
2020-01-07 CVE-2019-14837 Use of Hard-coded Credentials vulnerability in Redhat Keycloak
A flaw was found in keycloack before version 8.0.0.
network
low complexity
redhat CWE-798
critical
9.1
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
network
low complexity
redhat netapp CWE-532
critical
9.8
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-06-12 CVE-2019-3873 Cross-site Scripting vulnerability in Redhat products
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML.
network
low complexity
redhat CWE-79
critical
9.0