The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Red Hat Single Sign-On

Keycloak: vulnerability via Authorization URL Deep Links
A vulnerability via Authorization URL Deep Links of Keycloak was announced...
CVE-2020-1727, RHSA-2020:5625-01, VIGILANCE-VUL-34163
Hibernate ORM: SQL injection via Comments
An attacker can use a SQL injection via Comments of Hibernate ORM, in order to read or alter data...
CVE-2020-25638, DLA-2512-1, RHSA-2020:5174-01, RHSA-2020:5175-01, RHSA-2020:5254-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33940
Keycloak: privilege escalation via View-profile Role
An attacker can bypass restrictions via View-profile Role of Keycloak, in order to escalate his privileges...
CVE-2020-14389, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33827
Keycloak: Cross Site Scripting via redirect_uri
An attacker can trigger a Cross Site Scripting via redirect_uri of Keycloak, in order to run JavaScript code in the context of the web site...
CVE-2020-10776, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33826
WildFly OpenSSL: memory leak via HTTP Session End
An attacker can create a memory leak via HTTP Session End of WildFly OpenSSL, in order to trigger a denial of service...
CVE-2020-25644, RHBUG-1885485, RHSA-2020:4256-01, RHSA-2020:4257-01, RHSA-2020:4922-01, RHSA-2020:4923-01, RHSA-2020:4978-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, VIGILANCE-VUL-33574
FasterXML Jackson Databind: external XML entity injection
An attacker can transmit malicious XML data to FasterXML Jackson Databind, in order to read a file, scan sites, or trigger a denial of service...
CVE-2020-25649, DLA-2406-1, RHSA-2020:4312-01, RHSA-2020:4401-01, RHSA-2020:4402-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33573
XNIO: denial of service via File Descriptor Leak
An attacker can trigger a fatal error via File Descriptor Leak of XNIO, in order to trigger a denial of service...
CVE-2020-14340, RHBUG-1860218, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33554
PicketBox: privilege escalation via Admin-only Mode Reload
An attacker can bypass restrictions via Admin-only Mode Reload of PicketBox, in order to escalate his privileges...
CVE-2020-14299, RHBUG-1848533, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33553
Apache CXF: information disclosure via InstrumentationManager Extension Bus
An attacker can bypass access restrictions to data via InstrumentationManager Extension Bus of Apache CXF, in order to obtain sensitive information...
6344071, cpuoct2020, CVE-2020-1954, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33515
Apache CXF: information disclosure via OpenId Connect JWK Keys
An attacker can bypass access restrictions to data via OpenId Connect JWK Keys of Apache CXF, in order to obtain sensitive information...
6344071, cpujul2020, cpuoct2020, CVE-2019-12423, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-33511