Vulnerabilities > Redhat > Single Sign ON > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2022-2237 Open Redirect vulnerability in Redhat Keycloak Node.Js Adapter and Single Sign-On
A flaw was found in the Keycloak Node.js Adapter.
network
low complexity
redhat CWE-601
6.1
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2022-08-26 CVE-2022-0225 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak.
network
low complexity
redhat CWE-79
5.4
2022-08-26 CVE-2021-3754 Unspecified vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user.
network
low complexity
redhat
5.3
2022-08-23 CVE-2021-3827 Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed.
network
high complexity
redhat CWE-287
6.8
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9
2022-04-26 CVE-2022-1466 Incorrect Authorization vulnerability in Redhat Keycloak
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform.
network
low complexity
redhat CWE-863
6.5
2021-06-01 CVE-2021-3424 Unspecified vulnerability in Redhat Single Sign-On 7.4
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible.
network
low complexity
redhat
5.3
2021-05-28 CVE-2020-27826 Unspecified vulnerability in Redhat Keycloak
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API.
network
high complexity
redhat
4.2