Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:2713
HistoryMay 10, 2023 - 11:57 a.m.

(RHSA-2023:2713) Moderate: Red Hat Single Sign-On 7.6.3 security update

2023-05-1011:57:32
access.redhat.com
27
red hat single sign-on
keycloak
authentication
single sign-on
web applications
mobile applications
security update
bug fixes
enhancements
cve
information disclosure
cryptography
server identity
dos attack
stack exhaustion
temporary file
insecure temp files
cvss score

0.006 Low

EPSS

Percentile

78.4%

JSON

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.3 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)

  • undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

  • snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

  • dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

  • codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

  • apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)

  • RESTEasy: creation of insecure temp files (CVE-2023-0482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 21
redhat 17
ibm 71
veracode 6
prion 7
ubuntucve 5
github 6
nvd 7
cve 7
cvelist 7
debiancve 5
cgr 1
redhatcve 7
openvas 5
osv 13
cnvd 1
fedora 3
wolfi 1
amazon 2
cbl_mariner 2
redos 2
gentoo 1
debian 2
nessus
nessus
RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)
2023-05-13 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)
2023-05-13 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)
2023-05-13 00:00:00
redhat
redhat
(RHSA-2023:2707) Moderate: Red Hat Single Sign-On 7.6.3 security update on RHEL 9
2023-05-10 11:18:46
(RHSA-2023:2706) Moderate: Red Hat Single Sign-On 7.6.3 security update on RHEL 8
2023-05-10 11:18:40
(RHSA-2023:2705) Moderate: Red Hat Single Sign-On 7.6.3 security update on RHEL 7
2023-05-10 11:18:21
ibm
ibm
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty
2023-09-27 14:07:50
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
2024-03-15 13:44:04
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.
2023-05-01 14:52:39
veracode
veracode
Information Disclosure
2023-01-08 03:34:35
Denial Of Service (DoS)
2022-11-17 12:37:25
Denial Of Service (DoS)
2022-12-13 01:15:13
prion
prion
Information disclosure
2023-01-06 10:15:00
Stack overflow
2022-11-11 13:15:00
Design/Logic Flaw
2022-12-12 18:15:00
ubuntucve
ubuntucve
CVE-2022-38752
2022-09-05 00:00:00
CVE-2022-41881
2022-12-12 00:00:00
CVE-2022-41854
2022-11-11 00:00:00
github
github
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write
2022-09-06 00:00:27
Apache James MIME4J vulnerable to information disclosure to local users
2023-01-06 12:31:34
HAProxyMessageDecoder Stack Exhaustion DoS
2022-12-12 21:24:29
nvd
nvd
CVE-2022-38752
2022-09-05 10:15:09
CVE-2022-45787
2023-01-06 10:15:10
CVE-2021-0341
2021-02-10 17:15:22
cve
cve
CVE-2022-45787
2023-01-06 10:15:10
CVE-2022-41881
2022-12-12 18:15:12
CVE-2021-0341
2021-02-10 17:15:22
cvelist
cvelist
CVE-2022-45787 Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2023-01-06 09:31:40
CVE-2022-41881
2022-12-12 00:00:00
CVE-2022-38752 DoS in SnakeYAML
2022-09-05 00:00:00
debiancve
debiancve
CVE-2022-41881
2022-12-12 18:15:12
CVE-2022-41854
2022-11-11 13:15:11
CVE-2023-0482
2023-02-17 22:15:11
cgr
cgr
CVE-2022-41881 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2022-41854
2022-12-09 13:34:48
CVE-2022-45787
2023-03-14 19:43:01
CVE-2021-0341
2022-12-15 20:04:50
openvas
openvas
Fedora: Security Advisory for picocli (FEDORA-2023-27ec59a486)
2023-07-08 00:00:00
Fedora: Security Advisory for snakeyaml (FEDORA-2022-c01dd659fa)
2022-12-21 00:00:00
Fedora: Security Advisory for snakeyaml (FEDORA-2022-8a4e8aa190)
2022-12-21 00:00:00
osv
osv
Apache James MIME4J vulnerable to information disclosure to local users
2023-01-06 12:31:34
HAProxyMessageDecoder Stack Exhaustion DoS
2022-12-12 21:24:29
CVE-2022-38752
2022-09-05 10:15:09
cnvd
cnvd
Apache James licensing issue vulnerability
2023-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: picocli-4.7.4-1.fc38
2023-07-06 02:19:58
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20
wolfi
wolfi
CVE-2022-41881 vulnerabilities
2024-05-29 03:07:31
amazon
amazon
Low: snakeyaml
2024-02-01 19:57:00
Medium: resteasy-base
2024-01-03 21:04:00
cbl_mariner
cbl_mariner
CVE-2022-38752 affecting package snakeyaml 1.25-2
2024-06-26 09:08:30
CVE-2022-41854 affecting package snakeyaml 1.25-2
2024-06-26 09:08:30
redos
redos
ROS-20240514-05
2024-05-14 00:00:00
ROS-20240514-04
2024-05-14 00:00:00
gentoo
gentoo
snakeyaml: Multiple Vulnerabilities
2023-05-21 00:00:00
debian
debian
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DSA 5316-1] netty security update
2023-01-11 22:38:12

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for RHSA-2023:2713
nessus21redhat17ibm71veracode6prion7ubuntucve5github6nvd7cve7cvelist7debiancve5cgr1redhatcve7openvas5osv13cnvd1fedora3wolfi1amazon2cbl_mariner2redos2gentoo1debian2