Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3527
HistorySep 14, 2021 - 12:15 p.m.

(RHSA-2021:3527) Moderate: Red Hat Single Sign-On 7.4.9 security update on RHEL 6

2021-09-1412:15:23
access.redhat.com
15

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)

  • keycloak: Brute force attack is possible even after the account lockout (CVE-2021-3513)

  • keycloak: Anyone can register a new device when there is no device registered for passwordless login (CVE-2021-3632)

  • keycloak-model-infinispan: authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly could lead to a DoS attack (CVE-2021-3637)

  • keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity (CVE-2020-35509)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 5
redhat 13
redhatcve 5
prion 5
osv 10
cve 5
github 5
veracode 4
archlinux 2
ibm 9
ubuntucve 1
debiancve 1
suse 1
oracle 1
nessus
nessus
RHEL 6 : Red Hat Single Sign-On 7.4.9 security update on RHEL 6 (Moderate) (RHSA-2021:3527)
2022-09-15 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.4.9 security update on RHEL 7 (Moderate) (RHSA-2021:3528)
2022-09-15 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.4.9 security update on RHEL 8 (Moderate) (RHSA-2021:3529)
2022-09-15 00:00:00
redhat
redhat
(RHSA-2021:3529) Moderate: Red Hat Single Sign-On 7.4.9 security update on RHEL 8
2021-09-14 12:15:47
(RHSA-2021:3528) Moderate: Red Hat Single Sign-On 7.4.9 security update on RHEL 7
2021-09-14 12:15:26
(RHSA-2021:3534) Moderate: Red Hat Single Sign-On 7.4.9 security update
2021-09-14 12:33:52
redhatcve
redhatcve
CVE-2020-35509
2021-01-04 13:00:29
CVE-2020-28491
2021-06-18 10:50:29
CVE-2021-3637
2021-07-06 20:45:29
prion
prion
Design/Logic Flaw
2022-08-23 16:15:00
Design/Logic Flaw
2021-02-18 16:15:00
Design/Logic Flaw
2021-07-09 11:15:00
osv
osv
Keycloak vulnerable to Improper Certificate Validation
2022-08-24 00:00:29
CVE-2020-35509
2022-08-23 16:15:00
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
cve
cve
CVE-2020-35509
2022-08-23 16:15:00
CVE-2020-28491
2021-02-18 16:15:00
CVE-2021-3637
2021-07-09 11:15:00
github
github
Keycloak vulnerable to Improper Certificate Validation
2022-08-24 00:00:29
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
Allocation of resources without limits or throttling in keycloak-model-infinispan
2021-07-13 17:43:23
veracode
veracode
Improper Certificate Validation
2021-01-05 03:43:52
Denial Of Service (DoS)
2021-02-19 01:15:41
Denial Of Service (DoS)
2021-07-14 07:07:23
archlinux
archlinux
[ASA-202106-53] keycloak: certificate verification bypass
2021-06-22 00:00:00
[ASA-202105-6] keycloak: multiple issues
2021-05-19 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-dataformat
2021-05-14 01:37:34
Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)
2022-11-22 13:01:21
Security Bulletin: Jackson-Dataformats Vulnerability Affects the B2B API of IBM Sterling B2B Integrator (CVE-2020-28491)
2021-10-05 20:41:21
ubuntucve
ubuntucve
CVE-2020-28491
2021-02-18 00:00:00
debiancve
debiancve
CVE-2020-28491
2021-02-18 16:15:00
suse
suse
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (important)
2022-05-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON
Related for RHSA-2021:3527
nessus5redhat13redhatcve5prion5osv10cve5github5veracode4archlinux2ibm9ubuntucve1debiancve1suse1oracle1