Redhat

Single Sign-on

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-1319

  • EPSS 1.19%
  • Veröffentlicht 31.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:28

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400...

7.5

CVE-2022-0084

  • EPSS 0.47%
  • Veröffentlicht 26.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:37:52

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-rel...

5.4

CVE-2022-0225

Exploit
  • EPSS 0.49%
  • Veröffentlicht 26.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:10

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

7.5

CVE-2021-3632

  • EPSS 0.41%
  • Veröffentlicht 26.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:01

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.

5.3

CVE-2021-3754

  • EPSS 12.32%
  • Veröffentlicht 26.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:20

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.

7.5

CVE-2021-3859

  • EPSS 0.31%
  • Veröffentlicht 26.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:40

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

6.8

CVE-2021-3827

  • EPSS 0.21%
  • Veröffentlicht 23.08.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:22:33

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authoriza...

7.5

CVE-2021-3690

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:09

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

7.2

CVE-2022-2668

  • EPSS 0.47%
  • Veröffentlicht 05.08.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:28

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

5.9

CVE-2021-3597

  • EPSS 0.17%
  • Veröffentlicht 24.05.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:56

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...