Single Sign-on@7.0 Security Vulnerabilities and Issues — Single Sign-on@7.0 CVE List

Lucene search

RedhatSingle Sign-on7.0

4 matches found

CVE•added 2019/07/25 9:15 p.m.•306 views

CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

7.5CVSS7.2AI score0.01089EPSS

CVE•added 2019/06/12 2:29 p.m.•110 views

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

9CVSS8.6AI score0.00506EPSS

CVE•added 2019/06/12 2:29 p.m.•108 views

CVE-2019-3872

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

5.4CVSS5.2AI score0.00234EPSS

CVE•added 2019/08/14 5:15 p.m.•106 views

CVE-2019-10201

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users ...

8.1CVSS7.9AI score0.00143EPSS