Every CVE whose affected-product data names Redhat Single Sign-on, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (107)
CVE-2022-4361 — CVSS 10.0 (critical): Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2019-10212 — CVSS 9.8 (critical): A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this…
CVE-2025-12543 — CVSS 9.6 (critical): A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library…
CVE-2019-14837 — CVSS 9.1 (critical): A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing…
CVE-2019-14887 — CVSS 9.1 (critical): A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't…
CVE-2019-10174 — CVSS 8.8 (high): A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application…
CVE-2020-1714 — CVSS 8.8 (high): A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw…
CVE-2019-14843 — CVSS 8.8 (high): A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be…
CVE-2026-28369 — CVSS 8.7 (high): A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it…
CVE-2026-28367 — CVSS 8.7 (high): A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can…
CVE-2026-28368 — CVSS 8.7 (high): A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are…
CVE-2022-4137 — CVSS 8.1 (high): A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue…
CVE-2020-1757 — CVSS 8.1 (high): A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to…
CVE-2018-14657 — CVSS 8.1 (high): A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm…
CVE-2026-3009 — CVSS 8.1 (high): A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider…
CVE-2019-10201 — CVSS 8.1 (high): It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML…
CVE-2024-1132 — CVSS 8.1 (high): A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to…
CVE-2022-4039 — CVSS 8.0 (high): A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface…
CVE-2020-10695 — CVSS 7.8 (high): An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can…
CVE-2021-3717 — CVSS 7.8 (high): A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to…
CVE-2023-6563 — CVSS 7.7 (high): An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of…
CVE-2019-9515 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2018-12022 — CVSS 7.5 (high): An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either…
CVE-2018-12023 — CVSS 7.5 (high): An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either…
CVE-2019-10184 — CVSS 7.5 (high): undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted…
CVE-2019-14888 — CVSS 7.5 (high): A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2020-10758 — CVSS 7.5 (high): A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified…
CVE-2020-25644 — CVSS 7.5 (high): A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the…
CVE-2021-3632 — CVSS 7.5 (high): A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already…
CVE-2021-3637 — CVSS 7.5 (high): A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessi…
CVE-2021-3690 — CVSS 7.5 (high): A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an…
CVE-2021-3859 — CVSS 7.5 (high): A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2022-0084 — CVSS 7.5 (high): A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another…
CVE-2022-0853 — CVSS 7.5 (high): A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction…
CVE-2022-1259 — CVSS 7.5 (high): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial…
CVE-2022-1278 — CVSS 7.5 (high): A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2022-1319 — CVSS 7.5 (high): A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse…
CVE-2022-4492 — CVSS 7.5 (high): The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2023-3223 — CVSS 7.5 (high): A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This…
CVE-2023-5379 — CVSS 7.5 (high): A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked…
CVE-2023-6841 — CVSS 7.5 (high): A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending…
CVE-2024-1635 — CVSS 7.5 (high): A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a…
CVE-2024-7885 — CVSS 7.5 (high): A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests…
CVE-2025-9784 — CVSS 7.5 (high): A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This…
CVE-2022-2668 — CVSS 7.2 (high): An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS…
CVE-2023-6291 — CVSS 7.1 (high): A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A…
CVE-2021-3461 — CVSS 7.1 (high): A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity…
CVE-2024-7341 — CVSS 7.1 (high): A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at…
CVE-2021-20262 — CVSS 6.8 (medium): A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to…
CVE-2021-3827 — CVSS 6.8 (medium): A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this…
CVE-2022-3916 — CVSS 6.8 (medium): A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are…
CVE-2022-1466 — CVSS 6.5 (medium): Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform…
CVE-2020-14297 — CVSS 6.5 (medium): A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get…
CVE-2020-27838 — CVSS 6.5 (medium): A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients…
CVE-2019-3875 — CVSS 6.5 (medium): A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the…
CVE-2026-3121 — CVSS 6.5 (medium): A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is…
CVE-2020-14299 — CVSS 6.5 (medium): A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy…
CVE-2024-4629 — CVSS 6.5 (medium): A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login…
CVE-2023-1664 — CVSS 6.5 (medium): A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the…
CVE-2020-14307 — CVSS 6.5 (medium): A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2020-10719 — CVSS 6.5 (medium): A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This…
CVE-2019-3873 — CVSS 6.4 (medium): It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse…
CVE-2020-10748 — CVSS 6.1 (medium): A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This…
CVE-2024-8883 — CVSS 6.1 (medium): A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect…
CVE-2022-2237 — CVSS 6.1 (medium): A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the…
CVE-2020-1697 — CVSS 6.1 (medium): It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2023-1932 — CVSS 6.1 (medium): A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator…
CVE-2021-3597 — CVSS 5.9 (medium): A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2021-3629 — CVSS 5.9 (medium): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead…
CVE-2026-4366 — CVSS 5.8 (medium): A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing…
CVE-2023-2422 — CVSS 5.5 (medium): A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify…
CVE-2022-0225 — CVSS 5.4 (medium): A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new…
CVE-2018-10934 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles…
CVE-2022-1274 — CVSS 5.4 (medium): A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to…
CVE-2018-10894 — CVSS 5.4 (medium): It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use…
CVE-2019-3872 — CVSS 5.4 (medium): It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x…
CVE-2021-3424 — CVSS 5.3 (medium): A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can…
CVE-2021-3754 — CVSS 5.3 (medium): A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user…
CVE-2020-1710 — CVSS 5.3 (medium): The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a…
CVE-2020-25689 — CVSS 5.3 (medium): A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating…
CVE-2023-0264 — CVSS 5.0 (medium): A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker…
CVE-2022-2764 — CVSS 4.9 (medium): A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
CVE-2018-10912 — CVSS 4.9 (medium): keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could…
CVE-2019-14838 — CVSS 4.9 (medium): A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to…
CVE-2020-10687 — CVSS 4.8 (medium): A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is…
CVE-2019-10157 — CVSS 4.7 (medium): It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its…
CVE-2023-6134 — CVSS 4.6 (medium): A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This…
CVE-2018-14655 — CVSS 4.6 (medium): A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary…
CVE-2023-6927 — CVSS 4.6 (medium): A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the…
CVE-2019-14885 — CVSS 4.3 (medium): A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security…
CVE-2020-1724 — CVSS 4.3 (medium): A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal…
CVE-2019-14820 — CVSS 4.3 (medium): It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be…
CVE-2020-27826 — CVSS 4.2 (medium): A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API…
CVE-2022-2256 — CVSS 3.8 (low): A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a…
CVE-2023-2585 — CVSS 3.5 (low): Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing…
CVE-2020-10734 — CVSS 3.3 (low): A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat…
CVE-2026-4874 — CVSS 3.1 (low): A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the…
CVE-2020-1717 — CVSS 2.7 (low): A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
CVE-2020-14341 — CVSS 2.7 (low): The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP…