Product: Single_sign-On (Redhat)
Repositories: https://github.com/FasterXML/jackson-databind
#Vulnerabilities: 93
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-01 | CVE-2022-2256 | A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | Single_sign-On | 3.8 | | |
| 2022-08-26 | CVE-2021-3754 | A flaw was found in Keycloak where an attacker is able to register with a username identical to the email ID of any existing user. This may interfere with delivery of the password recovery email if that user forgets their password. | Keycloak, Single_sign-On | 5.3 | | |
| 2022-08-26 | CVE-2022-0084 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed that this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | Integration_camel_k, Integration_camel_quarkus, Single_sign-On, Xnio | 7.5 | | |
| 2022-08-26 | CVE-2022-0225 | A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack. | Keycloak, Single_sign-On | 5.4 | | |
| 2022-08-05 | CVE-2022-2668 | An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. | Keycloak, Single_sign-On | 7.2 | | |
| 2022-04-26 | CVE-2022-1466 | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. | Keycloak, Single_sign-On | 6.5 | | |
| 2021-06-01 | CVE-2021-3424 | A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register with a name already registered and trick an admin into granting them extra privileges. | Single_sign-On | 5.3 | | |
| 2022-04-01 | CVE-2021-3461 | A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name]. | Keycloak, Single_sign-On | 7.1 | | |
| 2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL. | Active_iq_unified_manager, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Single_sign-On, Undertow | 7.5 | | |
| 2022-03-11 | CVE-2022-0853 | A flaw was found in JBoss-client. The vulnerability is caused by a memory leak on the JBoss client side when using UserTransaction repeatedly, and leads to an information leakage vulnerability. | Descision_manager, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Process_automation, Single_sign-On | 7.5 | | |