Red Hat Single Sign-on 7.4.1

CPE Details

Red Hat Single Sign-on 7.4.1
redhat
single_sign-on
7.4.1
2020-09-21
12h26 +00:00
2021-06-01
11h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:single_sign-on:7.4.1:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

single_sign-on

Version

7.4.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-6134 2023-12-14 21h42 +00:00 A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
5.4
Medium
CVE-2023-0264 2023-08-04 17h09 +00:00 A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
5
Medium
CVE-2021-3632 2022-08-26 13h25 +00:00 A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
7.5
High
CVE-2020-10695 2021-05-26 19h35 +00:00 An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.
7.8
High