Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0327
HistoryFeb 01, 2021 - 6:52 p.m.

(RHSA-2021:0327) Important: Red Hat Single Sign-On 7.4.5 security update

2021-02-0118:52:18
access.redhat.com
85

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.331 Low

EPSS

Percentile

97.0%

JSON

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • undertow: special character in query results in server errors (CVE-2020-27782)

  • keycloak: Default Client configuration is vulnerable to SSRF using “request_uri” parameter (CVE-2020-10770)

  • apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

  • wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)

  • wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 29
redhat 24
osv 25
prion 8
veracode 5
cve 8
github 8
redhatcve 7
packetstorm 1
ubuntucve 4
githubexploit 1
nuclei 1
zdt 1
debiancve 4
ibm 51
amazon 1
debian 2
cgr 1
oraclelinux 2
almalinux 2
rocky 2
openvas 4
ubuntu 1
mageia 1
wolfi 1
exploitdb 1
freebsd 1
atlassian 2
qualysblog 1
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0248)
2021-01-25 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)
2021-01-25 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0247)
2021-01-25 00:00:00
redhat
redhat
(RHSA-2021:0250) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
2021-01-25 16:13:53
(RHSA-2021:0247) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
2021-01-25 16:11:00
(RHSA-2021:0246) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
2021-01-25 16:10:47
osv
osv
CVE-2020-27822
2020-12-08 01:15:12
BIT-wildfly-2020-27822
2024-03-06 11:09:03
Wildfly has a memory leak vulnerability
2022-05-24 17:35:40
prion
prion
Memory corruption
2020-11-02 21:15:00
Design/Logic Flaw
2020-12-08 01:15:00
Server side request forgery (ssrf)
2020-12-15 20:15:00
veracode
veracode
Denial Of Service (DoS)
2020-11-03 05:01:46
Server-Side Request Forgery (SSRF)
2021-02-03 08:49:37
Information Disclosure
2020-10-03 01:14:18
cve
cve
CVE-2020-27822
2020-12-08 01:15:00
CVE-2020-25640
2020-11-24 19:15:00
CVE-2020-10770
2020-12-15 20:15:00
github
github
Wildfly has a memory leak vulnerability
2022-05-24 17:35:40
Wildfly logs plaintext passwords
2022-02-15 01:38:27
Keycloak vulnerable to Server-Side Request Forgery
2022-05-24 17:36:27
redhatcve
redhatcve
CVE-2020-27822
2020-12-04 06:53:06
CVE-2020-25640
2020-09-24 12:47:41
CVE-2020-10770
2020-11-26 06:51:31
packetstorm
packetstorm
Keycloak 12.0.1 Server-Side Request Forgery
2021-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2020-25633
2020-09-18 00:00:00
CVE-2020-27782
2021-02-23 00:00:00
CVE-2020-13956
2020-12-02 00:00:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Redhat Keycloak
2021-10-13 08:40:33
nuclei
nuclei
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
2021-10-17 15:59:45
zdt
zdt
Keycloak 12.0.1 - (request_uri) Blind Server-Side Request Forgery (Unauthenticated) Exploit
2021-10-13 00:00:00
debiancve
debiancve
CVE-2020-25633
2020-09-18 19:15:00
CVE-2020-27782
2021-02-23 19:15:00
CVE-2020-13956
2020-12-02 17:15:00
ibm
ibm
Security Bulletin: A vulnerability has been identified in Apache HttpClient shipped with Netcool/OMNIbus Integrations Java Gateway Framework (CVE-2020-13956)
2020-12-14 02:40:05
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient
2021-06-21 23:05:12
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache HttpClient
2021-02-27 03:39:51
amazon
amazon
Medium: httpcomponents-client
2023-02-17 00:11:00
debian
debian
[SECURITY] [DLA 2405-1] httpcomponents-client security update
2020-10-10 17:12:02
[SECURITY] [DSA 4772-1] httpcomponents-client security update
2020-10-14 20:21:34
cgr
cgr
CVE-2020-13956 vulnerabilities
2024-04-25 09:06:10
oraclelinux
oraclelinux
maven:3.5 security update
2022-05-17 00:00:00
maven:3.6 security and enhancement update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: maven:3.5 security update
2022-05-10 08:04:48
Moderate: maven:3.6 security and enhancement update
2022-05-10 08:04:46
rocky
rocky
maven:3.6 security and enhancement update
2022-05-10 08:04:46
maven:3.5 security update
2022-05-10 08:04:48
openvas
openvas
Debian: Security Advisory (DLA-2405-1)
2020-10-11 00:00:00
Ubuntu: Security Advisory (USN-5239-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0314)
2022-01-28 00:00:00
ubuntu
ubuntu
HttpClient vulnerability
2022-08-08 00:00:00
mageia
mageia
Updated httpcomponents-client packages fix a security vulnerability
2021-07-07 02:12:30
wolfi
wolfi
CVE-2020-13956 vulnerabilities
2024-04-25 09:06:43
exploitdb
exploitdb
Keycloak 12.0.1 - &#039;request_uri &#039; Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
2021-10-13 00:00:00
freebsd
freebsd
Apache Maven -- multiple vulnerabilities
2021-04-04 00:00:00
atlassian
atlassian
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
qualysblog
qualysblog
Identify Server-Side Attacks Using Qualys Periscope
2022-12-01 23:11:35

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.331 Low

EPSS

Percentile

97.0%

JSON
Related for RHSA-2021:0327
nessus29redhat24osv25prion8veracode5cve8github8redhatcve7packetstorm1ubuntucve4githubexploit1nuclei1zdt1debiancve4ibm51amazon1debian2cgr1oraclelinux2almalinux2rocky2openvas4ubuntu1mageia1wolfi1exploitdb1freebsd1atlassian2qualysblog1