Every CVE whose affected-product data names Redhat Single Sign On, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-12159 — CVSS 7.5 (high): It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain…
CVE-2016-8629 — CVSS 6.5 (medium): Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the…
CVE-2017-2585 — CVSS 5.9 (medium): Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in…
CVE-2017-12158 — CVSS 5.4 (medium): It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker…