cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4028,https://securityvulnerability.io/vulnerability/CVE-2024-4028,Stored XSS Vulnerability in Keycloak Admin Console,"A vulnerability in Keycloak has been identified that may allow an attacker with elevated privileges to execute a stored cross-site scripting (XSS) attack. This issue arises when an attacker provides a malicious payload during the creation of resources and permissions in the admin console. If successful, this could lead to unauthorized actions and data exposure within the Keycloak environment, giving attackers the ability to manipulate the application behavior when the malicious payload is executed in the context of an unsuspecting user.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Single Sign-on 7",3.8,LOW,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-18T17:54:08.752Z,0
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.4,Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2025-23367,https://securityvulnerability.io/vulnerability/CVE-2025-23367,Role-Based Access Control Vulnerability in Wildfly Server,"A vulnerability in the Wildfly Server's Role Based Access Control (RBAC) provider permits unauthorized users to execute critical management operations. Specifically, the flaw enables users with only Monitor or Auditor roles, who should be restricted to read-only access, to suspend or resume the server. This issue arises from inadequate authorization checks in the Suspend and Resume handlers, allowing actions without confirming appropriate user permissions. It's crucial for organizations to address this issue by applying the latest security patches provided by Red Hat.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-30T14:30:04.227Z,0
CVE-2025-0604,https://securityvulnerability.io/vulnerability/CVE-2025-0604,Authentication Bypass Vulnerability in Keycloak by Red Hat,"A vulnerability exists in Keycloak where the system fails to validate new password credentials against Active Directory (AD) during a user password reset. As a result, users with expired or disabled AD accounts may regain unauthorized access to Keycloak, circumventing the established security restrictions. This flaw poses a significant risk as it may lead to authentication bypass, potentially allowing malicious actors to exploit user accounts under certain conditions.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Single Sign-on 7",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T14:34:45.923Z,0
CVE-2023-4639,https://securityvulnerability.io/vulnerability/CVE-2023-4639,Unauthorized Data Access via Incorrect Cookie Parsing,"A flaw exists in the Undertow server, which improperly handles the parsing of cookies that contain specific value-delimiting characters in requests. This vulnerability enables potential attackers to craft malicious cookie values, enabling the exfiltration of HttpOnly cookie values or the spoofing of additional cookie values. Consequently, this can lead to unauthorized access to sensitive data and alterations, posing significant risks to the integrity and confidentiality of the affected applications.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Migration Toolkit For Applications 6,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apicurio Registry,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-17T11:15:00.000Z,0
CVE-2022-2232,https://securityvulnerability.io/vulnerability/CVE-2022-2232,Keycloak Package Vulnerability: LDAP Injection Flaw Discovered,"A vulnerability exists within the Keycloak package that enables an attacker to exploit LDAP injection techniques. This flaw permits the circumvention of username lookups, potentially allowing the execution of unauthorized queries or actions in the system. If an attacker is able to leverage this vulnerability, it could lead to unauthorized access and compromise of sensitive information. System administrators are encouraged to review the impacted versions and implement recommended updates to mitigate the risk.",Red Hat,Red Hat Single Sign-on 7,7.5,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-11-14T14:51:14.594Z,0
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T10:00:51.745Z,0
CVE-2024-8883,https://securityvulnerability.io/vulnerability/CVE-2024-8883,"Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information","A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",6.1,MEDIUM,0.0024399999529123306,false,,false,false,false,,,false,false,,2024-09-19T15:48:28.468Z,0
CVE-2024-8698,https://securityvulnerability.io/vulnerability/CVE-2024-8698,Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks,"CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",7.7,HIGH,0.0007099999929778278,false,,true,false,true,2024-09-25T18:56:46.000Z,true,false,false,,2024-09-19T15:48:18.464Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2024-08-21T14:13:36.579Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T21:21:20.899Z,0
CVE-2024-5971,https://securityvulnerability.io/vulnerability/CVE-2024-5971,Undertow Vulnerability Leads to Denial of Service Attack,"A vulnerability exists in Undertow that can lead to a denial of service scenario. This occurs when chunked responses hang after the body is flushed. Although the response headers and body are sent successfully, the client continues to wait for the termination of the chunked response, which does not occur as expected. This behavior is particularly problematic in Java 17 environments utilizing TLSv1.3, as it results in uncontrolled resource consumption on the server side, potentially leaving it vulnerable to service disruption.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T20:51:29.223Z,0
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests. The issue stems from the sharing of a buffer used for decoding paths across multiple requests, which may result in the server misinterpreting the path, leading to errors like '404 Not Found' or other application failures. This flaw can hinder access to legitimate resources, potentially resulting in a denial of service. Organizations relying on Undertow for handling AJP traffic should assess their systems for exposure to this vulnerability.",Red Hat,"Eap 8.0.1,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-20T14:33:10.342Z,0
CVE-2024-5967,https://securityvulnerability.io/vulnerability/CVE-2024-5967,LDAP Endpoint Vulnerability Allows Credentials Leakage,"A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL (""Connection URL"") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",2.7,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-18T12:05:39.289Z,0
CVE-2024-4540,https://securityvulnerability.io/vulnerability/CVE-2024-4540,Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie,"A vulnerability exists in Keycloak related to OAuth 2.0 Pushed Authorization Requests (PAR). This issue arises from client-provided parameters being transmitted in plain text within the KC_RESTART cookie included in the HTTP response of the authorization server during a `request_uri` authorization request. This situation could potentially lead to unauthorized information disclosure, allowing attackers to access sensitive data inadvertently exposed through these cookies. It's crucial for users and administrators to review their Keycloak implementations for configurations susceptible to this flaw.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-03T16:15:00.000Z,0
CVE-2024-1102,https://securityvulnerability.io/vulnerability/CVE-2024-1102,Database Logging Vulnerability Exposes User Credentials,A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.,Red Hat,"Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2023-6484,https://securityvulnerability.io/vulnerability/CVE-2023-6484,Keycloak: log injection during webauthn authentication or registration,A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.,Red Hat,"Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-25T16:15:00.000Z,0
CVE-2024-1132,https://securityvulnerability.io/vulnerability/CVE-2024-1132,Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information,"A security vulnerability has been identified in Keycloak, where improper URL validation in redirects could enable an attacker to exploit this flaw. This issue particularly affects clients that utilize wildcards in the Valid Redirect URIs field, which could allow malicious requests to bypass intended restrictions. As a result, sensitive information may be accessed without authorization, potentially leading to further attacks. User interaction is necessary to trigger this vulnerability, making it essential for users and administrators to be informed about securing their implementations of Keycloak.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Jboss A-MQ 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",8.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-17T13:21:19.130Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-22T18:24:42.696Z,0
CVE-2024-1722,https://securityvulnerability.io/vulnerability/CVE-2024-1722,Remote Unauthenticated Attacker Can Block Other Accounts from Logging In,"A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.",Red Hat,",Red Hat Build Of Keycloak,Red Hat Single Sign-on 7",5.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-1635,https://securityvulnerability.io/vulnerability/CVE-2024-1635,Undertow Vulnerability Impacts Wildfly-HTTP-Client Server,"A vulnerability has been identified within Undertow that affects servers utilizing the WildFly HTTP Client protocol. The issue occurs when a malicious actor exploits the behavior of connection handling, causing the server to exhaust its memory and file descriptor limits. This situation arises when a connection is opened and immediately closed at the HTTP port, leading to leaked connections via the WriteTimeoutStreamSinkConduit. Notably, if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener, the connection's outermost layer fails to notify the Undertow conduit of the closure. Consequently, this lack of notification allows the timeout task to continue leaking connections through the XNIO WorkerThread, resulting in a prolonged impact on the server's resource consumption. Organizations are urged to address this vulnerability promptly to safeguard against potential denial-of-service scenarios.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Streams For Apache Kafka",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-19T21:23:14.496Z,0
CVE-2024-1459,https://securityvulnerability.io/vulnerability/CVE-2024-1459,Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files,"A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",5.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2024-02-12T20:30:03.768Z,0
CVE-2023-6291,https://securityvulnerability.io/vulnerability/CVE-2023-6291,Keycloak: redirect_uri validation bypass,"A flaw has been identified in the redirect_uri validation logic within Keycloak, a product developed by Red Hat. This vulnerability could potentially allow attackers to bypass explicitly allowed hosts, leading to unauthorized access. If exploited, it may enable the theft of access tokens, thereby allowing attackers to impersonate legitimate users and compromise sensitive data. Organizations using Keycloak should ensure they are aware of this issue and implement appropriate security measures to mitigate the risks associated with this vulnerability.",Red Hat,"Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.7,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Single Sign-on 7.6.6,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Openshift Serverless,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Process Automation 7",7.1,HIGH,0.003389999968931079,false,,false,false,false,,,false,false,,2024-01-26T14:23:43.185Z,0
CVE-2023-2585,https://securityvulnerability.io/vulnerability/CVE-2023-2585,Client access via device auth request spoof,"Keycloak's device authorization grant has a flaw in its validation process, which allows attackers to potentially spoof requests. By leveraging this vulnerability, an attacker could manipulate the consent flow, leading authorization administrators to unknowingly approve access for a malicious OAuth client. This can result in unauthorized access to sensitive information or systems that rely on valid OAuth client consent.",Red Hat,"keycloak,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7.6 for RHEL 7,Red Hat Single Sign-On 7.6 for RHEL 8,Red Hat Single Sign-On 7.6 for RHEL 9,RHEL-8 based Middleware Containers",8.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-12-21T10:15:00.000Z,0
CVE-2023-6927,https://securityvulnerability.io/vulnerability/CVE-2023-6927,"Keycloak: open redirect via ""form_post.jwt"" jarm response mode","A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode ""form_post.jwt"" which could be used to bypass the security patch implemented to address CVE-2023-6134.",Red Hat,"Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.8,Red Hat Single Sign-on 7.0,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Single Sign-on 7.6.6",4.6,MEDIUM,0.00443999981507659,false,,false,false,false,,,false,false,,2023-12-18T23:15:00.000Z,0