Single Sign-on@7.0 Security Vulnerabilities and Issues — Single Sign-on@7.0 CVE List

Lucene search

RedhatSingle Sign-on7.0

8 matches found

CVE•added 2023/10/10 2:15 p.m.•4422 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS

CVE•added 2023/12/18 4:15 p.m.•3816 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.70714EPSS

CVE•added 2023/09/22 3:15 p.m.•3199 views

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server confi...

9.8CVSS8.7AI score0.00121EPSS

CVE•added 2023/12/18 11:15 p.m.•278 views

CVE-2023-6927

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

6.1CVSS5.3AI score0.01836EPSS

CVE•added 2023/12/12 10:15 p.m.•188 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluste...

7.5CVSS7.3AI score0.00128EPSS

CVE•added 2023/02/23 8:15 p.m.•138 views

CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

7.5CVSS7.3AI score0.00121EPSS

CVE•added 2023/03/27 10:15 p.m.•131 views

CVE-2022-2237

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

6.1CVSS6AI score0.00085EPSS

CVE•added 2023/05/26 6:15 p.m.•121 views

CVE-2023-1664

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If th...

6.5CVSS6.1AI score0.00238EPSS