Red Hat Single Sign-On: medium-risk vulnerabilities

DATE        CVE             VULNERABILITY TITLE
            Description
            Attack vector / attack complexity / vendors, CWE / risk score

2020-05-26  CVE-2020-10719  HTTP Request Smuggling vulnerability in multiple products
            A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.
            network / low complexity / redhat, netapp, CWE-444 / 6.5

2020-05-11  CVE-2020-1724   Insufficient Session Expiration vulnerability in Redhat Keycloak
            A flaw was found in Keycloak in versions before 9.0.2.
            network / low complexity / redhat, CWE-613 / 4.3

2020-02-10  CVE-2020-1697   Cross-site Scripting vulnerability in Redhat Keycloak
            It was found in all Keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks.
            network / low complexity / redhat, CWE-79 / 5.4

2020-01-23  CVE-2019-14885  Information Exposure Through Log Files vulnerability in Redhat products
            A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA.
            network / low complexity / redhat, CWE-532 / 4.3

2020-01-08  CVE-2019-14820  Unspecified vulnerability in Redhat products
            It was found that Keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL.
            network / low complexity / redhat / 4.3

2019-11-08  CVE-2019-10219  A vulnerability was found in Hibernate-Validator.
            network / low complexity / redhat, netapp, oracle / 6.1

2019-10-14  CVE-2019-14838  Improper Privilege Management vulnerability in Redhat products
            A flaw was found in wildfly-core before 7.2.5.GA.
            network / low complexity / redhat, CWE-269 / 4.9

2019-06-12  CVE-2019-3875   Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On
            A vulnerability was found in Keycloak before 6.0.2.
            network / high complexity / redhat, CWE-295 / 4.8

2019-06-12  CVE-2019-3872   Cross-site Scripting vulnerability in Redhat products
            It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x.
            network / low complexity / redhat, CWE-79 / 5.4

2019-06-12  CVE-2019-10157  Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On
            It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout.
            local / low complexity / redhat, CWE-287 / 5.5