Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:2813
HistoryJul 02, 2020 - 1:17 p.m.

(RHSA-2020:2813) Important: Red Hat Single Sign-On 7.4.1 security update

2020-07-0213:17:12
access.redhat.com
52

0.061 Low

EPSS

Percentile

93.6%

JSON

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.1 serves as a replacement for Red Hat Single Sign-On 7.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • keycloak: verify-token-audience support is missing in the NodeJS adapter (CVE-2020-1694)

  • keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)

  • js-jquery: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  • js-jquery: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

  • undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  • keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) (CVE-2020-10748)

  • jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  • jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  • jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  • jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 37
nessus 30
osv 17
openvas 19
debian 3
redhatcve 7
suse 3
attackerkb 2
hp 2
githubexploit 4
fedora 6
atlassian 6
joomla 1
checkpoint_advisories 1
oraclelinux 1
drupal 1
gentoo 1
typo3 1
redhat 3
altlinux 1
prion 6
cve 6
cvelist 6
nvd 7
github 7
rocky 1
veracode 5
ubuntucve 6
debiancve 4
mageia 1
freebsd 1
f5 1
huawei 1
vulnrichment 1
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator
2020-07-24 17:07:55
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
2020-06-19 05:07:08
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony
2020-04-10 01:55:37
nessus
nessus
Debian DLA-2135-1 : jackson-databind security update
2020-03-06 00:00:00
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)
2022-09-01 00:00:00
JQuery 1.2 < 3.5.0 Multiple XSS
2020-05-28 00:00:00
osv
osv
jackson-databind - security update
2020-03-06 00:00:00
jquery - security update
2021-03-25 00:00:00
drupal7 - security update
2020-05-26 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2135-1)
2020-03-06 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)
2020-11-10 00:00:00
Debian: Security Advisory (DLA-2608-1)
2021-03-26 00:00:00
debian
debian
[SECURITY] [DLA 2135-1] jackson-databind security update
2020-03-05 22:55:37
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
redhatcve
redhatcve
CVE-2020-10748
2020-07-02 12:20:40
CVE-2020-10719
2020-05-06 10:34:39
CVE-2020-10969
2022-05-14 11:39:50
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
hp
hp
Certain HP Printers and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2020-02-23 03:51:40
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2020-06-05 02:05:15
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32
2020-07-23 01:06:59
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
redhat
redhat
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
(RHSA-2020:1644) Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update
2020-09-23 15:54:23
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
prion
prion
Cross site scripting
2020-09-16 18:15:00
Design/Logic Flaw
2020-05-26 16:15:00
Design/Logic Flaw
2020-03-26 13:15:00
cve
cve
CVE-2020-10748
2020-09-16 18:15:12
CVE-2020-10719
2020-05-26 16:15:12
CVE-2020-9547
2020-03-02 04:15:11
cvelist
cvelist
CVE-2020-10748
2020-09-16 17:56:07
CVE-2020-10719
2020-05-26 14:57:51
CVE-2020-9548
2020-03-02 03:58:55
nvd
nvd
CVE-2020-10748
2020-09-16 18:15:12
CVE-2020-10719
2020-05-26 16:15:12
CVE-2020-9548
2020-03-02 04:15:11
github
github
Cross-site Scripting in Keycloak
2022-02-09 00:56:37
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
2023-12-15 00:31:03
HTTP Request Smuggling in Undertow
2021-04-30 17:28:33
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
veracode
veracode
Privilege Escalation
2020-05-13 03:23:37
Deserialization Of Untrusted Object
2020-03-27 02:14:14
Remote Code Execution (RCE)
2020-03-03 04:08:27
ubuntucve
ubuntucve
CVE-2020-10719
2020-05-26 00:00:00
CVE-2020-10969
2020-03-26 00:00:00
CVE-2020-9546
2020-03-02 00:00:00
debiancve
debiancve
CVE-2020-10719
2020-05-26 16:15:12
CVE-2020-8840
2020-02-10 21:56:10
CVE-2020-10969
2020-03-26 13:15:13
mageia
mageia
Updated undertow packages fix security vulnerability
2021-01-23 02:50:14
freebsd
freebsd
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
f5
f5
K15320518 : FasterXML jackson-databind vulnerability CVE-2020-8840
2020-03-24 00:00:00
huawei
huawei
Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products
2020-06-10 00:00:00
vulnrichment
vulnrichment
CVE-2020-10969
2020-03-26 12:43:34

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for RHSA-2020:2813
ibm37nessus30osv17openvas19debian3redhatcve7suse3attackerkb2hp2githubexploit4fedora6atlassian6joomla1checkpoint_advisories1oraclelinux1drupal1gentoo1typo31redhat3altlinux1prion6cve6cvelist6nvd7github7rocky1veracode5ubuntucve6debiancve4mageia1freebsd1f51huawei1vulnrichment1