The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Red Hat SSO

Bootstrap: Cross Site Scripting via Scrollspy Data-target Property
An attacker can trigger a Cross Site Scripting via Scrollspy Data-target Property of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2018-14041, ibm10880955, RHSA-2019:1456-01, VIGILANCE-VUL-28036
Keycloak: open redirect via org.keycloak.protocol.oidc.utils.RedirectUtils
An attacker can deceive the user via org.keycloak.protocol.oidc.utils.RedirectUtils of Keycloak, in order to redirect him to a malicious site...
CVE-2018-14658, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27779
Keycloak: privilege escalation via TOTP Brute Force
An attacker can bypass restrictions via TOTP Brute Force of Keycloak, in order to escalate his privileges...
CVE-2018-14657, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27778
Keycloak: code execution via State Parameter
An attacker can use a vulnerability via State Parameter of Keycloak, in order to run code...
CVE-2018-14655, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27777
Keycloak: privilege escalation via SAML Expired Certificates
An attacker can bypass restrictions via SAML Expired Certificates of Keycloak, in order to escalate his privileges...
CVE-2018-10894, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27776
dom4j: external XML entity injection via XML Injection
An attacker can transmit malicious XML data via XML Injection to dom4j, in order to read a file, scan sites, or trigger a denial of service...
CVE-2018-1000632, DLA-1517-1, NTAP-20190530-0001, openSUSE-SU-2018:2931-1, openSUSE-SU-2018:3998-1, openSUSE-SU-2018:4045-1, RHSA-2019:0362-01, RHSA-2019:0364-01, RHSA-2019:0365-01, RHSA-2019:0380-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, SUSE-SU-2018:3424-1, SUSE-SU-2018:3908-1, VIGILANCE-VUL-27312
WildFly: information disclosure via IIOP SSL Required
An attacker can bypass access restrictions to data via IIOP SSL Required of WildFly, in order to obtain sensitive information...
CVE-2018-14627, RHSA-2018:3527-01, RHSA-2018:3528-01, RHSA-2018:3529-01, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27147, WFLY-9107