Red Hat Single Sign-on 7.4.10

CPE Details

Red Hat Single Sign-on 7.4.10
redhat
single_sign-on
7.4.10
2022-08-30
12h54 +00:00
2022-09-20
16h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:single_sign-on:7.4.10:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

single_sign-on

Version

7.4.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-6134 2023-12-14 21h42 +00:00 A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
5.4
Medium
CVE-2023-0264 2023-08-04 17h09 +00:00 A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
5
Medium
CVE-2021-3859 2022-08-25 22h00 +00:00 A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
7.5
High