The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Single Sign-On

vulnerability note CVE-2019-10157

Keycloak: denial of service via NBF Node.js Adapter

Synthesis of the vulnerability

An attacker can trigger a fatal error via NBF Node.js Adapter of Keycloak, in order to trigger a denial of service.
Impacted products: Red Hat SSO.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 12/06/2019.
Identifiers: CVE-2019-10157, RHSA-2019:1456-01, VIGILANCE-VUL-29514.

vulnerability bulletin CVE-2019-3875

Keycloak: privilege escalation via CRL Signatures Validation

Synthesis of the vulnerability

An attacker can bypass restrictions via CRL Signatures Validation of Keycloak, in order to escalate his privileges.
Impacted products: Red Hat SSO.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 12/06/2019.
Identifiers: CVE-2019-3875, RHSA-2019:1456-01, VIGILANCE-VUL-29513.

vulnerability announcement CVE-2018-20677

Bootstrap: Cross Site Scripting via Affix Configuration Target

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Affix Configuration Target of Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: Red Hat SSO.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/06/2019.
Identifiers: CVE-2018-20677, RHSA-2019:1456-01, VIGILANCE-VUL-29512.

vulnerability alert CVE-2018-20676

Bootstrap: Cross Site Scripting via data-viewport

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via data-viewport of Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: Red Hat SSO.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/06/2019.
Identifiers: CVE-2018-20676, RHSA-2019:1456-01, VIGILANCE-VUL-29511.

vulnerability CVE-2016-10735

Bootstrap: Cross Site Scripting via data-target

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via data-target of Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: Red Hat SSO.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/06/2019.
Identifiers: CVE-2016-10735, RHSA-2019:1456-01, VIGILANCE-VUL-29510.

vulnerability announcement CVE-2019-3888

Undertow: information disclosure via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed of Undertow, in order to obtain sensitive information.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/06/2019.
Identifiers: CVE-2019-3888, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29492.

vulnerability alert CVE-2019-3873

PicketLink: privilege escalation via xinclude Parameter URL Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via xinclude Parameter URL Injection of PicketLink, in order to escalate his privileges.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/06/2019.
Identifiers: CVE-2019-3873, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29491.

vulnerability CVE-2019-3872

PicketLink: Cross Site Scripting via SAMLRequest RelayState Parameter

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via SAMLRequest RelayState Parameter of PicketLink, in order to run JavaScript code in the context of the web site.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/06/2019.
Identifiers: CVE-2019-3872, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29490.

computer vulnerability bulletin CVE-2019-3894

Red Hat JBoss Enterprise Application Platform, WildFly: privilege escalation via ElytronManagedThread

Synthesis of the vulnerability

An attacker can bypass restrictions via ElytronManagedThread of Red Hat JBoss Enterprise Application Platform, in order to escalate his privileges.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet server.
Creation date: 06/05/2019.
Identifiers: CVE-2019-3894, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-29228.

computer vulnerability announcement CVE-2019-3805

WildFly: privilege escalation via PID File

Synthesis of the vulnerability

An attacker can bypass restrictions via PID File of WildFly, in order to escalate his privileges.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 06/05/2019.
Identifiers: CVE-2019-3805, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-29227.
