Vulnerabilities > Redhat > Single Sign ON > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2019-14885 | Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. | 4.3 |
| 2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 5.0 |
| 2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. | 4.0 |
| 2020-01-07 | CVE-2019-14843 | Incorrect Authorization vulnerability in Redhat products A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. | 6.5 |
| 2020-01-07 | CVE-2019-14837 | Use of Hard-coded Credentials vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloack before version 8.0.0. | 6.4 |
| 2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 6.5 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-10-14 | CVE-2019-14838 | Improper Privilege Management vulnerability in Redhat products A flaw was found in wildfly-core before 7.2.5.GA. | 4.0 |
| 2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 4.3 |
| 2019-08-14 | CVE-2019-10201 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. | 5.5 |