Vulnerabilities > Redhat > Single Sign ON > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products. It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. | 4.0 |
2020-01-07 | CVE-2019-14843 | Incorrect Authorization vulnerability in Redhat products. A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. | 6.5 |
2020-01-07 | CVE-2019-14837 | Use of Hard-coded Credentials vulnerability in Redhat Keycloak and Single Sign-On. A flaw was found in keycloak before version 8.0.0. | 6.4 |
2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products. A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 6.5 |
2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products. A vulnerability was found in Hibernate-Validator. | 6.1 |
2019-10-14 | CVE-2019-14838 | Improper Privilege Management vulnerability in Redhat products. A flaw was found in wildfly-core before 7.2.5.GA. | 4.0 |
2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products. A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 4.3 |
2019-08-14 | CVE-2019-10201 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. | 5.5 |
2019-07-25 | CVE-2019-10184 | Missing Authorization vulnerability in multiple products. Undertow before version 2.0.23.Final is vulnerable to an information leak issue. | 5.0 |
2019-06-12 | CVE-2019-3875 | Improper Certificate Validation vulnerability in Redhat Keycloak. A vulnerability was found in keycloak before 6.0.2. | 5.8 |