Filtered by vendor Redhat
Filtered by product Single Sign-on
Total: 94 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2021-3717 | 1 Redhat | 8 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Bpms Platform and 5 more | 2024-08-03 | 7.8 High | A flaw was found in WildFly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may grant JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. |
CVE-2021-3690 | 1 Redhat | 13 Camel Quarkus, Enterprise Linux, Fuse and 10 more | 2024-08-03 | 7.5 High | A flaw was found in Undertow. A buffer leak on incoming WebSocket PONG messages may lead to memory exhaustion, allowing an attacker to cause a denial of service. The highest threat from this vulnerability is to availability. |
CVE-2021-3637 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 7.5 High | A flaw was found in keycloak-model-infinispan in Keycloak versions before 14.0.0, where the authenticationSessions map in RootAuthenticationSessionEntity grows without bound, which could lead to a DoS attack. |
CVE-2021-3632 | 1 Redhat | 4 Enterprise Linux, Keycloak, Red Hat Single Sign On and 1 more | 2024-08-03 | 7.5 High | A flaw was found in Keycloak. This vulnerability allows anyone, using the WebAuthn password-less login flow, to register a new security device or key for a user who does not already have a device registered. |
CVE-2021-3597 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 9 more | 2024-08-03 | 5.9 Medium | A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is to availability. This flaw affects Undertow versions prior to 2.0.35.SP1, 2.2.6.SP1, 2.2.7.SP1, 2.0.36.SP1, 2.2.9.Final and 2.0.39.Final. |
CVE-2021-3629 | 2 Netapp, Redhat | 14 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 11 more | 2024-08-03 | 5.9 Medium | A flaw was found in Undertow. A potential security issue in flow-control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. The highest threat from this vulnerability is to availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. |
CVE-2021-3461 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 7.1 High | A flaw was found in Keycloak, where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and the Principal Type is set to Attribute [Name]. |
CVE-2021-3424 | 1 Redhat | 2 Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 5.3 Medium | A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4, where IDN homograph attacks are possible. A malicious user can register with a name that is visually indistinguishable from an already registered name and trick an administrator into granting them extra privileges. |
CVE-2022-4492 | 1 Redhat | 16 Build Of Quarkus, Camel Spring Boot, Integration Camel For Spring Boot and 13 more | 2024-08-03 | 7.5 High | The Undertow client does not check the server identity presented by the server certificate in HTTPS connections. This is a compulsory step (at least it should be performed by default) in HTTPS and in HTTP/2. I would add it to any TLS client protocol. |
CVE-2022-4361 | 1 Redhat | 8 Enterprise Linux, Keycloak, Openshift Container Platform and 5 more | 2024-08-03 | 10 Critical | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability allows an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. |
CVE-2022-4137 | 1 Redhat | 4 Enterprise Linux, Keycloak, Red Hat Single Sign On and 1 more | 2024-08-03 | 8.1 High | A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be exploited. This may compromise user details, allowing them to be changed or collected by an attacker. |
CVE-2022-4039 | 1 Redhat | 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more | 2024-08-03 | 8 High | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and to access and modify potentially sensitive information in the app server configuration. |
CVE-2022-3916 | 1 Redhat | 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more | 2024-08-03 | 6.8 Medium | A flaw was found in the offline_access scope in Keycloak. Due to a lack of root session validation and the reuse of session IDs across root and user authentication sessions, this issue particularly affects users of shared computers (especially if cookies are not cleared). It enables an attacker to resolve a user session attached to a previously authenticated user; when the refresh token is used, the attacker is issued a token for the original user. |
CVE-2022-2764 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-08-03 | 4.9 Medium | A flaw was found in Undertow. Denial of service can be achieved because the Undertow server waits forever for the LAST_CHUNK in EJB invocations. |
CVE-2022-2668 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 7.2 High | An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. |
CVE-2022-2237 | 1 Redhat | 3 Keycloak Node.js Adapter, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 6.1 Medium | A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to exploit an open redirect vulnerability in the checkSso function. |
CVE-2022-2256 | 1 Redhat | 2 Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 3.8 Low | A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality. |
CVE-2022-1466 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 6.5 Medium | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no corresponding permission had been granted. |
CVE-2022-1319 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2024-08-03 | 7.5 High | A flaw was found in Undertow. For an AJP 400 response, EAP 7 improperly sends two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING, since it reads the second SEND_HEADERS response packet instead of a CPONG. |
CVE-2022-1259 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-08-02 | 7.5 High | A flaw was found in Undertow. A potential security issue in flow-control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. |