Red hat single sign-on 7.6 for rhel 9

This hub aggregates every CVE we track for Red hat single sign-on 7.6 for rhel 9, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat single sign-on 7.6 for rhel 9.

• CVE-2024-10234Wildfly: wildfly vulnerable to cross-site scripting (xss)6.1Oct 22, 2024
• CVE-2024-8883Keycloak: vulnerable redirect uri validation results in open redirec6.1Sep 19, 2024
• CVE-2024-8698Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak7.7Sep 19, 2024
• CVE-2024-7341Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters7.1Sep 9, 2024
• CVE-2024-4629Keycloak: potential bypass of brute force protection6.5Sep 3, 2024
• CVE-2024-5967Keycloak: leak of configured ldap bind credentials through the keycloak admin console2.7Jun 18, 2024
• CVE-2024-4540Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie7.5Jun 3, 2024
• CVE-2023-6544Keycloak: authorization bypass5.4Apr 25, 2024
• CVE-2023-6484Keycloak: log injection during webauthn authentication or registration5.3Apr 25, 2024
• CVE-2024-1249Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos7.4Apr 17, 2024
• CVE-2024-1132Keycloak: path transversal in redirection validation8.1Apr 17, 2024
• CVE-2024-1635Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol7.5Feb 19, 2024
• CVE-2023-6291Keycloak: redirect_uri validation bypass7.1Jan 26, 2024
• CVE-2023-2585Keycloak: client access via device auth request spoof3.5Dec 21, 2023
• CVE-2023-6927Keycloak: open redirect via "form_post.jwt" jarm response mode4.6Dec 18, 2023