Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10734 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2021-02-26 | 2.1 LOW | 3.3 LOW |
| A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable. | |||||
| CVE-2020-1717 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2021-02-17 | 4.0 MEDIUM | 2.7 LOW |
| A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. | |||||
| CVE-2020-14341 | 1 Redhat | 1 Single Sign-on | 2021-01-19 | 4.0 MEDIUM | 2.7 LOW |
| The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly. | |||||