Lucene search

Veracode Vulnerability DatabaseVERACODE:19633

HistoryMay 16, 2019 - 3:22 a.m.

Privilege Escalation

2019-05-1603:22:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Keycloak is vulnerable to privilege escalation vulnerability. This is due to an improper implementation of the Brute Force detection algorithm as it does not enforce its protection measures. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks.

CPENameOperatorVersion
rh-sso7-keycloakeq2.5.15__2.Final_redhat_3.1.jbcs.el6
rh-sso7-keycloakeq3.4.6__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloakeq2.5.5__2.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq2.5.14__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloakeq3.4.10__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq3.4.3__1.Final_redhat_2.1.jbcs.el7
rh-sso7-keycloakeq3.4.12__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloakeq3.4.3__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloakeq2.5.7__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloakeq3.4.8__2.Final_redhat_6.1.jbcs.el6

Name	Operator	Version
rh-sso7-keycloak	eq	2.5.15__2.Final_redhat_3.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.6__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloak	eq	2.5.5__2.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	2.5.14__1.Final_redhat_1.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.10__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.3__1.Final_redhat_2.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.12__1.Final_redhat_1.1.jbcs.el7
rh-sso7-keycloak	eq	3.4.3__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloak	eq	2.5.7__1.Final_redhat_2.1.jbcs.el6
rh-sso7-keycloak	eq	3.4.8__2.Final_redhat_6.1.jbcs.el6

Rows per page:

1-10 of 441

References

access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2

access.redhat.com/errata/RHSA-2018:3592

access.redhat.com/errata/RHSA-2018:3593

access.redhat.com/errata/RHSA-2018:3595

access.redhat.com/security/cve/CVE-2018-14637

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657

issues.jboss.org/browse/JBEAP-15587

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:19633