CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS3: 4.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 35.7%)

JBoss KeyCloak is vulnerable to soft token deletion via CSRF. This issue is fixed in Keycloak 1.0.2.Final.

CPE

Name | Operator | Version |
---|---|---|
org.keycloak:keycloak-services | lt | 1.0.2.Final |

access.redhat.com/security/cve/cve-2014-3655
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655
github.com/advisories/GHSA-237q-6hjp-pchq
github.com/keycloak/keycloak/commit/0b8b31a3ea7d8d7ac8b14a020613fc32aa5e9d9d
github.com/keycloak/keycloak/pull/703
github.com/victims/victims-cve-db/blob/master/database/java/2014/3655.yaml
nvd.nist.gov/vuln/detail/CVE-2014-3655
snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138