Vulnerabilities > Redhat > Single Sign ON > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-27 | CVE-2022-2237 | Open Redirect vulnerability in Redhat Keycloak Node.Js Adapter and Single Sign-On A flaw was found in the Keycloak Node.js Adapter. | 6.1 |
2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
2022-08-26 | CVE-2022-0225 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 5.4 |
2022-08-26 | CVE-2021-3754 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. | 5.3 |
2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
2022-05-24 | CVE-2021-3597 | Race Condition vulnerability in multiple products A flaw was found in undertow. | 5.9 |
2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 6.5 |
2021-06-01 | CVE-2021-3424 | Unspecified vulnerability in Redhat Single Sign-On 7.4 A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. | 5.3 |
2021-05-28 | CVE-2020-27826 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.2 |