Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Single_sign\-On
(Redhat)| Repositories | https://github.com/FasterXML/jackson-databind |
| #Vulnerabilities | 95 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-26 | CVE-2022-1466 | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. | Keycloak, Single_sign\-On | 6.5 | ||
| 2022-05-24 | CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Fuse, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow | 5.9 | ||
| 2022-05-24 | CVE-2021-3629 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Integration, Jboss_enterprise_application_platform, Single_sign\-On, Undertow, Wildfly_core | 5.9 | ||
| 2022-05-24 | CVE-2021-3717 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | Jboss_enterprise_application_platform, Single_sign\-On, Wildfly_core | 7.8 | ||
| 2022-08-05 | CVE-2022-2668 | An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | Keycloak, Single_sign\-On | 7.2 | ||
| 2022-08-23 | CVE-2021-3690 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | Fuse, Integration_camel_k, Integration_camel_quarkus, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow | 7.5 | ||
| 2022-08-23 | CVE-2021-3827 | A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | Keycloak, Openshift_container_platform, Single_sign\-On | 6.8 | ||
| 2022-08-26 | CVE-2021-3632 | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | Keycloak, Single_sign\-On | 7.5 | ||
| 2022-08-26 | CVE-2021-3754 | A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | Keycloak, Single_sign\-On | 5.3 | ||
| 2022-08-26 | CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Jboss_enterprise_application_platform, Single_sign\-On, Undertow | 7.5 |