Red Hat Single Sign-on 7.3.3

CPE Details

Red Hat Single Sign-on 7.3.3
redhat
single_sign-on
7.3.3
2019-10-30
15h31 +00:00
2019-10-30
15h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:single_sign-on:7.3.3:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

single_sign-on

Version

7.3.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-6134 2023-12-14 21h42 +00:00 A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
5.4
Moyen
CVE-2023-0264 2023-08-04 17h09 +00:00 A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
5
Moyen
CVE-2020-10695 2021-05-26 19h35 +00:00 An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.
7.8
Haute
CVE-2020-14341 2021-01-12 13h23 +00:00 The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.
2.7
Bas
CVE-2020-10748 2020-09-16 15h56 +00:00 A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
6.1
Moyen
CVE-2019-10201 2019-08-14 14h09 +00:00 It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
8.1
Haute