Vulnerabilities > Redhat > Single Sign ON > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-16 | CVE-2020-1710 | Unspecified vulnerability in Redhat products The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC7230[1], as it returns a 200 instead of a 400. | 5.0 |
2020-07-24 | CVE-2020-14307 | Improper Resource Shutdown or Release vulnerability in Redhat products A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. | 6.5 |
2020-07-24 | CVE-2020-14297 | Resource Exhaustion vulnerability in Redhat products A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. | 6.5 |
2020-07-06 | CVE-2019-14900 | SQL Injection vulnerability in multiple products A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. | 6.5 |
2020-05-26 | CVE-2020-10719 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. | 6.5 |
2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 6.5 |
2020-05-11 | CVE-2020-1724 | Insufficient Session Expiration vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 9.0.2. | 4.3 |
2020-04-21 | CVE-2020-1757 | Improper Input Validation vulnerability in Redhat products A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after a semicolon, which may lead to an application mapping resulting in a security bypass. | 5.5 |
2020-03-16 | CVE-2019-14887 | Unspecified vulnerability in Redhat products A flaw was found where, when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. | 6.4 |
2020-02-10 | CVE-2020-1697 | Cross-site Scripting vulnerability in Redhat Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. | 5.4 |