
23 matches found

EUVD
added 2026/06/10 1:55 p.m. · 9 views

EUVD-2026-36029

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVSS 7.3 · AI score 5.3 · EPSS 0.00187
Exploits 0 · References 3
CVE
added 2026/06/10 1:55 p.m. · 17 views

CVE-2026-53473

The CVE affects the migration-planner-ui-app and describes a cross-site scripting (XSS) flaw in which an attacker can register a malicious discovery agent using a crafted credentialUrl containing JavaScript. When an organizational user clicks the link in the UI, the embedded code executes in the ...

CVSS 7.3 · AI score 5.3 · EPSS 0.00187
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2026/06/10 1:55 p.m. · 9 views

CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVSS 7.3 · AI score 5.3 · EPSS 0.00187
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-5967

Malware in sbrugna...

CVSS 8.8 · AI score 7.6 · EPSS 0.0119
Exploits 0 · References 12
RedHat Linux
added 2025/04/17 2:38 p.m. · 8 views

elytron-oidc-client: OIDC Authorization Code Injection

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...

CVSS 4.2 · AI score 5.8 · EPSS 0.00243
Exploits 0 · References 8
OSV
added 2024/12/09 9:31 p.m. · 4 views

GHSA-4V5X-9M47-CQR2 Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5565-3c98-g6jc. This link is maintained to preserve external references. Original Description: A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the...

CVSS 4.2 · AI score 5.8 · EPSS 0.00243
Exploits 0 · References 11
ATTACKERKB
added 2024/12/09 9:15 p.m. · 3 views

CVE-2024-12369

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...

CVSS 4.2 · AI score 5.9 · EPSS 0.00243
Exploits 0 · References 10
CNNVD
added 2024/12/09 12:00 a.m. · 5 views

OIDC-Client data forgery vulnerability

OIDC-Client is an IdentityModel open source library that provides OpenID Connect OIDC and OAuth2 protocol support for client-side, browser-based JavaScript client applications. OIDC-Client suffers from a data forgery issue vulnerability that stems from an authorization code injection attack that...

CVSS 4.2 · AI score 5.2 · EPSS 0.00243
Exploits 0 · References 4
Positive Technologies
added 2024/12/09 12:00 a.m. · 7 views

PT-2024-17571

Name of the Vulnerable Software and Affected Versions: OIDC-Client versions prior to the fixed version, EAP 7.x, EAP 8.x. Description: A vulnerability was found in OIDC-Client, allowing authorization code injection attacks to occur when using the RH SSO OIDC adapter with EAP 7.x or the...

CVSS 4.2 · AI score 5.9 · EPSS 0.00243
Exploits 0 · References 24
OSV
added 2024/09/30 10:15 a.m. · 31 views

RHSA-2024:0798 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7

Bulletin has no description...

CVSS 7.1 · AI score 6.3 · EPSS 0.0326
Exploits 1 · References 40
OSV
added 2024/09/27 5:09 p.m. · 17 views

RHSA-2024:6494 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 8

Bulletin has no description...

CVSS 7.1 · AI score 5.2 · EPSS 0.008
Exploits 0 · References 16
OSV
added 2024/09/13 6:08 p.m. · 17 views

RHSA-2020:0946 Red Hat Security Advisory: Red Hat Single Sign-On 7.3.7 security update on RHEL 7

Bulletin has no description...

CVSS 5.6 · AI score 5.7 · EPSS 0.01092
Exploits 0 · References 9
RedHat Linux
added 2024/09/09 4:02 p.m. · 21 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 8

New Red Hat Single Sign-On 7.6.10 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.1 · AI score 6.1 · EPSS 0.008
Exploits 0 · References 4
Positive Technologies
added 2024/02/28 12:00 a.m. · 5 views

PT-2024-2635 · Red Hat · 3Scale +2

Name of the Vulnerable Software and Affected Versions: 3Scale versions used with Keycloak 15 or RHSSO 7.5.0 Description: The issue is related to incorrect handling of insufficient permissions or privileges in the 3Scale API Management software. When the auth type is set to use 3scale oidc issuer...

CVSS 6.5 · AI score 7.7 · EPSS 0.00486
Exploits 0 · References 9
OSV
added 2023/09/22 3:15 p.m. · 7 views

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...

CVSS 9.8 · AI score 5.5 · EPSS 0.00789
Exploits 0 · References 3
RedHat Linux
added 2023/03/01 9:45 p.m. · 130 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.8 · EPSS 0.99615
Exploits 41 · References 32
OSV
added 2022/09/01 9:15 p.m. · 5 views

CVE-2022-2256

A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

CVSS 3.8 · AI score 5.8 · EPSS 0.0055
Exploits 0 · References 2
Tenable Nessus
added 2020/05/12 12:00 a.m. · 38 views

RHEL 6 : Red Hat Single Sign-On 7.3.8 security update on RHEL 6 (Important) (RHSA-2020:2106)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2106 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS 8.8 · AI score 6.6 · EPSS 0.01004
Exploits 0 · References 10
OSV
added 2020/01/07 5:15 p.m. · 6 views

CVE-2019-14843

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss E...

CVSS 8.8 · AI score 7 · EPSS 0.0119
Exploits 0 · References 1
NVD
added 2020/01/07 5:15 p.m. · 21 views

CVE-2019-14843

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss E...

CVSS 8.8 · AI score 8 · EPSS 0.0119
Exploits 0 · References 1