Vulnerabilities > Redhat > Single Sign ON > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2021-3717 Files or Directories Accessible to External Parties vulnerability in Redhat products
A flaw was found in Wildfly.
local
low complexity
redhat CWE-552
7.8
2022-04-01 CVE-2021-3461 Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
local
low complexity
redhat CWE-613
7.1
2022-03-11 CVE-2022-0853 Memory Leak vulnerability in Redhat products
A flaw was found in JBoss-client.
network
low complexity
redhat CWE-401
7.5
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-07-09 CVE-2021-3637 Unspecified vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
network
low complexity
redhat
7.5
2021-05-26 CVE-2020-10695 Unspecified vulnerability in Redhat Single Sign-On
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container.
local
low complexity
redhat
7.8
2020-10-06 CVE-2020-25644 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.
network
low complexity
redhat netapp CWE-401
7.5
2020-09-16 CVE-2020-10758 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
network
low complexity
redhat CWE-770
7.5
2020-05-13 CVE-2020-1714 Improper Input Validation vulnerability in multiple products
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.
network
low complexity
redhat quarkus CWE-20
8.8
2020-04-21 CVE-2020-1757 Improper Input Validation vulnerability in Redhat products
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
network
low complexity
redhat CWE-20
8.1