Vulnerabilities > Redhat > Single Sign ON > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2020-01-07 CVE-2019-14843 Incorrect Authorization vulnerability in Redhat products
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester.
network
low complexity
redhat CWE-863
8.8
2019-11-25 CVE-2019-10174 Unsafe Reflection vulnerability in multiple products
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges.
network
low complexity
infinispan redhat netapp CWE-470
8.8
2019-08-14 CVE-2019-10201 Improper Verification of Cryptographic Signature vulnerability in Redhat Keycloak and Single Sign-On
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures.
network
low complexity
redhat CWE-347
8.1
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
7.5
2019-03-21 CVE-2018-12023 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2019-03-21 CVE-2018-12022 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2018-11-13 CVE-2018-14657 Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final.
network
high complexity
redhat CWE-307
8.1