Vulnerabilities > Redhat > Single Sign ON > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-20262 Unspecified vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password.
low complexity
redhat
6.8
2021-03-08 CVE-2020-27838 Unspecified vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak in versions prior to 13.0.0.
network
low complexity
redhat
6.5
2020-11-02 CVE-2020-25689 A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp
6.5
2020-10-16 CVE-2020-14299 Improper Authentication vulnerability in Redhat products
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.
network
low complexity
redhat CWE-287
6.5
2020-09-23 CVE-2020-10687 Unspecified vulnerability in Redhat Undertow 1.0.0
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request.
network
high complexity
redhat
4.8
2020-09-16 CVE-2020-10748 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances.
network
low complexity
redhat CWE-79
6.1
2020-09-16 CVE-2020-1710 Unspecified vulnerability in Redhat products
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
network
low complexity
redhat
5.3
2020-07-24 CVE-2020-14307 Unspecified vulnerability in Redhat products
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server.
network
low complexity
redhat
6.5
2020-07-24 CVE-2020-14297 Unspecified vulnerability in Redhat products
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable.
network
low complexity
redhat
6.5
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5