Single Sign-on CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-10912	1 Redhat	4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more	2024-11-21	4.9 Medium
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.
CVE-2018-10894	1 Redhat	6 Enterprise Linux, Jboss Single Sign On, Keycloak and 3 more	2024-11-21	N/A
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

« first previous Page 6 of 6.