Red Hat Single Sign-on 7.4.7

CPE Details

Red Hat Single Sign-on 7.4.7
redhat
single_sign-on
7.4.7
2022-04-11
17h06 +00:00
2022-11-09
15h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:single_sign-on:7.4.7:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

single_sign-on

Version

7.4.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-6134 2023-12-14 21h42 +00:00 A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
5.4
Medium
CVE-2023-0264 2023-08-04 17h09 +00:00 A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
5
Medium
CVE-2021-3632 2022-08-26 13h25 +00:00 A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
7.5
High
CVE-2021-3461 2022-04-01 20h17 +00:00 A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
7.1
High