Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Single Sign-on

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10212 2 Netapp, Redhat 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more 2022-02-20 4.3 MEDIUM 9.8 CRITICAL
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
CVE-2019-14887 1 Redhat 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse and 3 more 2021-11-02 6.4 MEDIUM 9.1 CRITICAL
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
CVE-2019-14379 6 Debian, Fasterxml, Fedoraproject and 3 more 24 Debian Linux, Jackson-databind, Fedora and 21 more 2021-06-14 7.5 HIGH 9.8 CRITICAL
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2019-14837 1 Redhat 2 Keycloak, Single Sign-on 2020-01-15 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.
CVE-2019-3873 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on 2019-07-06 6.0 MEDIUM 9.0 CRITICAL
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.