The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Red Hat Single Sign-On

Keycloak: information disclosure via SSRF
An attacker can bypass access restrictions to data via SSRF of Keycloak, in order to obtain sensitive information...
CVE-2020-10770, RHSA-2021:0318-01, RHSA-2021:0319-01, RHSA-2021:0320-01, RHSA-2021:0327-01, VIGILANCE-VUL-34448

Red Hat Single Sign-On: information disclosure via SMTP Connections
An attacker can bypass access restrictions to data via SMTP Connections of Red Hat Single Sign-On, in order to obtain sensitive information...
CVE-2020-14341, RHBUG-1860138, VIGILANCE-VUL-34305

Node.js angular.js: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js angular.js, in order to run JavaScript code in the context of the web site...
6361623, CVE-2020-7676, RHSA-2021:0967-01, RHSA-2021:0968-01, RHSA-2021:0969-01, RHSA-2021:0974-01, VIGILANCE-VUL-34248

Bouncy Castle: privilege escalation via OpenBSDBCrypt.checkPassword
An attacker can bypass restrictions via OpenBSDBCrypt.checkPassword() of Bouncy Castle, in order to escalate his privileges...
CERTFR-2021-AVI-004, cpuapr2021, CVE-2020-28052, RHSA-2021:0872-01, RHSA-2021:0873-01, RHSA-2021:0874-01, RHSA-2021:0885-01, RHSA-2021:0967-01, RHSA-2021:0968-01, RHSA-2021:0969-01, RHSA-2021:0974-01, VIGILANCE-VUL-34167

Keycloak: vulnerability via Authorization URL Deep Links
A vulnerability via Authorization URL Deep Links of Keycloak was announced...
CVE-2020-1727, RHSA-2020:5625-01, VIGILANCE-VUL-34163

Keycloak: privilege escalation via Account REST API
An attacker can bypass restrictions via Account REST API of Keycloak, in order to escalate his privileges...
CVE-2020-27826, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-34129

Red Hat Single Sign-On: privilege escalation via redhat-sso-7
An attacker can bypass restrictions via redhat-sso-7 of Red Hat Single Sign-On, in order to escalate his privileges...
CVE-2020-10695, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-34128

Hibernate ORM: SQL injection via Comments
An attacker can use a SQL injection via Comments of Hibernate ORM, in order to read or alter data...
CVE-2020-25638, DLA-2512-1, DSA-4908-1, RHSA-2020:5174-01, RHSA-2020:5175-01, RHSA-2020:5254-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33940

Keycloak: privilege escalation via View-profile Role
An attacker can bypass restrictions via View-profile Role of Keycloak, in order to escalate his privileges...
CVE-2020-14389, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33827

Keycloak: Cross Site Scripting via redirect_uri
An attacker can trigger a Cross Site Scripting via redirect_uri of Keycloak, in order to run JavaScript code in the context of the web site...
CVE-2020-10776, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33826