Lucene search

K
redhatRedHatRHSA-2023:4918
HistoryAug 31, 2023 - 1:21 p.m.

(RHSA-2023:4918) Important: Red Hat Single Sign-On 7.6.5 security update on RHEL 7

2023-08-3113:21:36
access.redhat.com
22
red hat single sign-on
rhel 7
security update
bug fixes
enhancements
cve
cvss score
jettison
jackson-databind
undertow
jsonarray
dos
outofmemoryerror

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.025

Percentile

90.4%

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

  • jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

  • undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.025

Percentile

90.4%