EUVD-2026-12688
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...
Duplicate Advisory: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-794g-x443-36f7. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly...
CVE-2026-2092
Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...
CVE-2020-36892
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...
PT-2025-50515
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...
EUVD-2018-0810
Malware in sbrugna...
keycloak: expiration not validated in SAML broker consumer endpoint
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...