Single Sign-on@7.2 Security Vulnerabilities and Issues — Single Sign-on@7.2 CVE List

Lucene search

RedhatSingle Sign-on7.2

5 matches found

CVE•added 2019/03/27 1:29 p.m.•103 views

CVE-2018-10934

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

5.4CVSS5.5AI score0.00439EPSS

CVE•added 2018/07/23 10:29 p.m.•78 views

CVE-2018-10912

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the ser...

4.9CVSS4.8AI score0.00474EPSS

CVE•added 2018/08/01 5:29 p.m.•70 views

CVE-2018-10894

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

5.5CVSS5.8AI score0.00054EPSS

CVE•added 2018/11/13 7:29 p.m.•58 views

CVE-2018-14657

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

8.1CVSS7.8AI score0.00387EPSS

CVE•added 2018/11/13 7:29 p.m.•56 views

CVE-2018-14655

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

5.4CVSS5.7AI score0.00234EPSS