Lucene search

K
redhatRedHatRHSA-2023:4920
HistoryAug 31, 2023 - 1:21 p.m.

(RHSA-2023:4920) Important: Red Hat Single Sign-On 7.6.5 security update on RHEL 9

2023-08-3113:21:43
access.redhat.com
28
red hat single sign-on
rhel 9
security update
bug fixes
enhancements
cve-2023-3223
cve-2021-46877
cve-2023-1436
cvss score

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.021

Percentile

89.2%

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

  • jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

  • jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.021

Percentile

89.2%