14 matches found
Astra Linux – Vulnerability in python-kdcproxy
If kdcproxy receives a request for a realm whose configuration does not define any server addresses, it will, by default, query DNS zone records that match the requested realm name. This creates a server-side request-forgery vulnerability, as an attacker could send a request for a realm that...
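Added example, not python-kdcproxy's own code: a model of the realm-to-KDC resolution the entry above describes, with a constructed DNS resolver so it runs offline. The names `resolve_kdcs`, `FakeResolver`, the realm names and the `use_dns` switch are illustrative; the point is that when no servers are configured for the requested realm, the DNS name being looked up is built from client input.

```python
# Added example (not python-kdcproxy's own code): a model of the realm-to-KDC
# resolution described above, with a fake DNS resolver so it runs offline.
# Names below (resolve_kdcs, FakeResolver, the realm names) are illustrative.
from typing import Dict, List


class FakeResolver:
    """Constructed stand-in for a DNS SRV resolver that records every name
    it is asked to look up, so the caller can see what the proxy queried."""

    def __init__(self) -> None:
        self.queries: List[str] = []

    def srv(self, name: str) -> List[str]:
        self.queries.append(name)
        # Pretend every SRV name resolves to a single KDC in the queried zone.
        zone = name.split("._tcp.", 1)[1]
        return [f"kerberos+tcp://kdc.{zone}:88"]


# Constructed realm configuration: only one realm has explicit KDC addresses.
CONFIG: Dict[str, List[str]] = {
    "EXAMPLE.COM": ["kerberos+tcp://kdc1.example.com:88"],
}


def resolve_kdcs(realm: str, config: Dict[str, List[str]],
                 resolver: FakeResolver, use_dns: bool) -> List[str]:
    """Return the KDC URLs a request for `realm` would be forwarded to.

    With use_dns=True (the default behaviour the advisory describes), a realm
    with no configured servers falls back to an SRV lookup whose name is built
    from the client-supplied realm, i.e. the client picks the DNS zone.
    """
    servers = config.get(realm.upper())
    if servers:
        return list(servers)
    if use_dns:
        return resolver.srv(f"_kerberos._tcp.{realm.lower()}")
    # No fallback: realms that are not configured are simply not proxied.
    return []


def dns_names_queried(realm: str, use_dns: bool) -> List[str]:
    """Run one resolution and return the DNS names it caused to be looked up."""
    resolver = FakeResolver()
    resolve_kdcs(realm, CONFIG, resolver, use_dns)
    return resolver.queries


if __name__ == "__main__":
    # Attacker-chosen realm: with DNS fallback on, the proxy queries the
    # attacker's zone; with it off, nothing leaves the proxy.
    print(dns_names_queried("ATTACKER.TEST", use_dns=True))
    print(dns_names_queried("ATTACKER.TEST", use_dns=False))
```

In kdcproxy this fallback is controlled by a global configuration switch (`use_dns`); turning it off, or only exposing explicitly configured realms at the reverse proxy in front of kdcproxy, removes the client-controlled lookup.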
BIT-PARSE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.18, the Keycloak authentication adapter does not validate the azp (authorized party) claim of Keycloak access tokens against the configured client-id. A valid access token...
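Added example, not Parse Server's Keycloak adapter code: the check the entry above says was missing, shown as a model of the pre-fix acceptance logic beside a variant that binds the token to the configured client via `azp`. Signature and expiry verification are assumed to have already happened; the issuer URL, client ids and claim dicts are constructed for the example.

```python
# Added example (not Parse Server's Keycloak adapter): checking a decoded
# Keycloak access token against the client the adapter is configured for.
# Signature and expiry verification are assumed to have happened already;
# the issuer URL, client ids and claim dicts are constructed for this example.
from typing import Any, Callable, Dict


class TokenRejected(Exception):
    pass


# Constructed adapter configuration: this deployment is Keycloak client "parse-app".
ADAPTER_CONFIG: Dict[str, str] = {
    "issuer": "https://sso.example.test/realms/demo",
    "client_id": "parse-app",
}


def user_from_token_no_azp_check(claims: Dict[str, Any], config: Dict[str, str]) -> str:
    """Models the behaviour the advisory describes: issuer and subject are
    checked but azp is not, so a token minted for any other client in the
    same realm is accepted as a login to this one."""
    if claims.get("iss") != config["issuer"]:
        raise TokenRejected("unexpected issuer")
    if not claims.get("sub"):
        raise TokenRejected("missing subject")
    return claims["sub"]


def user_from_token(claims: Dict[str, Any], config: Dict[str, str]) -> str:
    """Hardened: the token must also have been issued to this client.

    Keycloak records the requesting client id in `azp`; what lands in `aud`
    depends on the realm's audience mappers, so the authorized-party check is
    the one that ties the token to this adapter's client."""
    if claims.get("iss") != config["issuer"]:
        raise TokenRejected("unexpected issuer")
    if not claims.get("sub"):
        raise TokenRejected("missing subject")
    if claims.get("azp") != config["client_id"]:
        raise TokenRejected("token was issued to a different client (azp mismatch)")
    return claims["sub"]


# Constructed, already-decoded tokens: one for this client, one for another
# client in the same realm that the same user signed in to.
TOKEN_FOR_THIS_CLIENT = {"iss": ADAPTER_CONFIG["issuer"], "sub": "user-123", "azp": "parse-app"}
TOKEN_FOR_OTHER_CLIENT = {"iss": ADAPTER_CONFIG["issuer"], "sub": "user-123", "azp": "other-app"}


def accepted(check: Callable[[Dict[str, Any], Dict[str, str]], str],
             claims: Dict[str, Any]) -> bool:
    """True if `check` would log the token's subject in, False if it rejects."""
    try:
        check(claims, ADAPTER_CONFIG)
        return True
    except TokenRejected:
        return False


if __name__ == "__main__":
    # The other client's token is accepted without the azp check and rejected with it.
    print(accepted(user_from_token_no_azp_check, TOKEN_FOR_OTHER_CLIENT))
    print(accepted(user_from_token, TOKEN_FOR_OTHER_CLIENT))
```

The practical consequence of the missing check is a confused-deputy login: any application in the same Keycloak realm that obtains a user's access token can present it to the Parse Server adapter and be treated as that user.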
Improper Session Expiration Enforcement
org.keycloak:keycloak-services is vulnerable to improper session expiration enforcement. The vulnerability is due to session expiration logic relying on a session-local "remember-me" flag without validating the current realm-level configuration, which allows an attacker to exploit existing...
CVE-2025-11429
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2025-11429
CVE-2025-11429 (Keycloak) is a session-management logic flaw in which sessions created with the realm’s Remember Me setting stay valid beyond a recent realm-level security change. The vulnerability stems from how Keycloak expiration logic relies on the per-session remember-me flag without validat...
PT-2025-43516
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A logic flaw exists in Keycloak's session management. The software does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created...
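Added example covering the three CVE-2025-11429 / PT-2025-43516 entries above; it is a model, not Keycloak's own code. The vulnerable variant picks the session lifetime from the remember-me flag stored on the session; the fixed variant re-reads the realm-level setting at check time, so that disabling Remember Me applies to sessions that already exist. Field names and durations are constructed for the example.

```python
# Added example, not Keycloak's own code: a model of the session-expiry logic
# described in CVE-2025-11429. Field names and durations are constructed for
# the example; they mirror the realm-level "Remember Me" switch and the two
# SSO max-lifespan settings without claiming to be Keycloak's internals.
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class RealmSettings:
    remember_me_enabled: bool
    sso_max_lifespan: int              # seconds for an ordinary session
    sso_max_lifespan_remember_me: int  # seconds when Remember Me applies


@dataclass
class UserSession:
    started_at: int    # epoch seconds
    remember_me: bool  # flag captured when the session was created


def max_lifespan_session_flag_only(session: UserSession, realm: RealmSettings) -> int:
    """Vulnerable variant: the extended lifetime is chosen from the flag stored
    on the session, so disabling Remember Me in the realm changes nothing for
    sessions that already exist."""
    if session.remember_me:
        return realm.sso_max_lifespan_remember_me
    return realm.sso_max_lifespan


def max_lifespan_realm_aware(session: UserSession, realm: RealmSettings) -> int:
    """Fixed variant: the session flag only counts while the realm still has
    Remember Me enabled, so an admin turning it off takes effect at the next
    expiry check instead of when the extended lifetime runs out."""
    if session.remember_me and realm.remember_me_enabled:
        return realm.sso_max_lifespan_remember_me
    return realm.sso_max_lifespan


LifespanFn = Callable[[UserSession, RealmSettings], int]


def is_expired(session: UserSession, realm: RealmSettings, now: int, lifespan: LifespanFn) -> bool:
    return now - session.started_at > lifespan(session, realm)


# Constructed scenario: a Remember Me session created while the feature was
# on; the admin then disables it realm-wide and a check runs two days later.
HOUR, DAY = 3600, 86400
SESSION = UserSession(started_at=0, remember_me=True)
REALM_AFTER_DISABLE = RealmSettings(remember_me_enabled=False,
                                    sso_max_lifespan=10 * HOUR,
                                    sso_max_lifespan_remember_me=30 * DAY)
TWO_DAYS_LATER = 2 * DAY


def demo() -> Dict[str, bool]:
    """Expiry verdicts for the constructed scenario under both variants."""
    return {
        "vulnerable_expired": is_expired(SESSION, REALM_AFTER_DISABLE, TWO_DAYS_LATER,
                                         max_lifespan_session_flag_only),
        "fixed_expired": is_expired(SESSION, REALM_AFTER_DISABLE, TWO_DAYS_LATER,
                                    max_lifespan_realm_aware),
    }


if __name__ == "__main__":
    print(demo())
```

The operational check that follows from this: after turning Remember Me off in a realm running an affected Keycloak, existing long-lived sessions have to be revoked explicitly (for example by logging the affected users out), because the setting change alone does not shorten them.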
CVE-2019-11209
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1;...
Design/Logic Flaw
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1;...
CVE-2019-11209 TIBCO FTL Escalation Of Privileges for Realm Configuration
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1;...
CVE-2019-11209
CVE-2019-11209 affects TIBCO FTL products (Community, Developer, and Enterprise Editions) across multiple 6.x versions: Community 6.0.0/6.0.1/6.1.0; Developer 6.0.1/6.1.0; Enterprise 6.0.0/6.0.1/6.1.0. The vulnerability is in the realm configuration component and, per the description, could theor...
TIBCO FTL realm server component cross-site request forgery vulnerability
TIBCO FTL is a data distribution solution from TIBCO Software. The realm server (tibrealmserver) is one of its components. A cross-site request forgery vulnerability exists in the realm server component of TIBCO FTL. An attacker could exploit this vulnerability to gain realm configuration...
CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties-based files of the management and the application realm configuration that contain user-to-role mapping are world-readable, allowing access to user and role information for all users logged in to the system...
EAP-7: Wrong privileges on multiple property files
It was found that properties-based files of the management and the application realm configuration that contain user-to-role mapping are world-readable, allowing access to user and role information for all users logged in to the system...