Red Hat Single Sign-on 7.5.0

CPE Details

Red Hat Single Sign-on 7.5.0
redhat
single_sign-on
7.5.0
2022-05-04
16h33 +00:00
2022-06-06
11h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:single_sign-on:7.5.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

single_sign-on

Version

7.5.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-6134 2023-12-14 21h42 +00:00 A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
5.4
Moyen
CVE-2023-0264 2023-08-04 17h09 +00:00 A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
5
Moyen
CVE-2021-3827 2022-08-23 13h52 +00:00 A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
6.8
Moyen
CVE-2022-1466 2022-04-26 16h33 +00:00 Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
6.5
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.