Filtered by vendor Redhat Subscriptions
Filtered by product Red Hat Single Sign On Subscriptions
Total 207 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-8629 1 Redhat 5 Enterprise Linux Server, Jboss Single Sign On, Keycloak and 2 more 2024-11-21 N/A
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.
CVE-2014-9970 2 Jasypt Project, Redhat 8 Jasypt, Enterprise Linux, Jboss Bpms and 5 more 2024-11-21 N/A
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVE-2023-4639 1 Redhat 14 Camel Quarkus, Camel Spring Boot, Integration and 11 more 2024-11-18 7.4 High
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
CVE-2023-0657 1 Redhat 2 Build Keycloak, Red Hat Single Sign On 2024-11-18 3.4 Low
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
CVE-2023-6841 1 Redhat 7 Jboss Enterprise Bpms Platform, Jboss Fuse, Keycloak and 4 more 2024-11-15 7.5 High
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
CVE-2022-2232 1 Redhat 1 Red Hat Single Sign On 2024-11-15 7.5 High
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
CVE-2023-1932 1 Redhat 20 A Mq Clients, Amq Broker, Amq Online and 17 more 2024-11-08 6.1 Medium
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.