6 matches found
RHEL 7 : Red Hat Single Sign-On 7.2.5 on RHEL 7 (RHSA-2018:3593)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3593 advisory. Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
CVE-2018-14655
CVE-2018-14655 affects Keycloak 3.4.3.Final, 4.0.0.Beta2 and 4.3.0.Final. When using response_mode=form_post the state parameter can be injected with arbitrary JavaScript, enabling an XSS during login. Connected sources (GHSA/RHSA/NVD) corroborate the vulnerability and link to Red Hat advisories ...
CVE-2018-14655
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 security and bug fix update
A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 7 security and bug fix update
New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 6 security and bug fix update
New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...