Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:7417
HistoryNov 03, 2022 - 3:13 p.m.

(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update

2022-11-0315:13:15
access.redhat.com
21
red hat single sign-on
keycloak project
security update
vulnerability fixes
denial of service
remote code execution
http request smuggling
stored xss
elytron security
saml javascript protocol mapper

0.518 Medium

EPSS

Percentile

97.6%

JSON

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

  • h2: Remote Code Execution in Console (CVE-2021-42392)

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)

  • keycloak: Stored XSS in groups dropdown (CVE-2022-0225)

  • wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)

  • keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 14
nessus 22
veracode 11
github 9
cvelist 11
osv 27
cnvd 2
prion 11
ubuntucve 5
nvd 11
redhatcve 11
cve 11
openvas 6
ibm 21
hivepro 1
debiancve 5
githubexploit 2
wolfi 1
checkpoint_advisories 1
thn 1
suse 1
atlassian 5
debian 2
almalinux 2
oraclelinux 2
rocky 1
freebsd 1
cgr 1
threatpost 1
redhat
redhat
(RHSA-2022:7410) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
2022-11-03 14:46:53
(RHSA-2022:7411) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
2022-11-03 14:46:58
(RHSA-2022:7409) Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
2022-11-03 14:46:46
nessus
nessus
RHEL 7 : Red Hat Single Sign-On 7.6.1 security update on RHEL 7 (Moderate) (RHSA-2022:7409)
2022-11-04 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.1 security update on RHEL 8 (Moderate) (RHSA-2022:7410)
2022-11-04 00:00:00
RHEL 9 : Red Hat Single Sign-On 7.6.1 security update on RHEL 9 (Moderate) (RHSA-2022:7411)
2022-11-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-02-07 06:12:52
Cross-Site Scripting (XSS)
2021-10-20 06:46:10
Remote Code Execution (RCE)
2022-01-07 09:51:11
github
github
Policies not properly enforced in OWASP Java HTML Sanitizer
2021-10-19 20:15:50
RCE in H2 Console
2022-01-06 23:55:09
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
2022-02-06 00:00:55
cvelist
cvelist
CVE-2021-42575
2021-10-18 14:38:13
CVE-2022-23913 Apache ActiveMQ Artemis DoS
2022-02-04 22:33:01
CVE-2021-42392
2022-01-07 00:00:00
osv
osv
CVE-2021-42392
2022-01-10 14:10:23
Policies not properly enforced in OWASP Java HTML Sanitizer
2021-10-19 20:15:50
RCE in H2 Console
2022-01-06 23:55:09
cnvd
cnvd
H2 database code issue vulnerability
2022-01-11 00:00:00
Apache ActiveMQ Resource Management Error Vulnerability (CNVD-2022-14699)
2022-02-21 00:00:00
prion
prion
Design/Logic Flaw
2021-10-18 15:15:00
Design/Logic Flaw
2022-02-04 23:15:00
Remote code execution
2022-01-10 14:10:00
ubuntucve
ubuntucve
CVE-2021-42392
2022-01-10 00:00:00
CVE-2021-43797
2021-12-09 00:00:00
CVE-2020-36518
2022-03-11 00:00:00
nvd
nvd
CVE-2022-23913
2022-02-04 23:15:15
CVE-2021-42575
2021-10-18 15:15:07
CVE-2021-42392
2022-01-10 14:10:23
redhatcve
redhatcve
CVE-2022-23913
2022-03-14 02:15:14
CVE-2021-42575
2021-11-29 06:32:57
CVE-2021-43797
2021-12-13 20:02:24
cve
cve
CVE-2021-42575
2021-10-18 15:15:07
CVE-2022-23913
2022-02-04 23:15:15
CVE-2021-43797
2021-12-09 19:15:07
openvas
openvas
openSUSE: Security Advisory for netty3 (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
Debian: Security Advisory (DLA-2990-1)
2022-05-03 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)
2022-03-30 09:48:30
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
2022-05-02 15:06:03
Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797
2022-01-13 15:49:28
hivepro
hivepro
A similar vulnerability like Log4shell discovered in H2 database console
2022-01-10 16:00:00
debiancve
debiancve
CVE-2021-42392
2022-01-10 14:10:23
CVE-2021-43797
2021-12-09 19:15:07
CVE-2020-36518
2022-03-11 07:15:07
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in H2Database H2
2022-01-09 16:23:16
Exploit for Missing Release of Memory after Effective Lifetime in Redhat Descision Manager
2022-03-10 09:10:56
wolfi
wolfi
CVE-2020-36518 vulnerabilities
2024-05-29 03:07:31
checkpoint_advisories
checkpoint_advisories
H2 Database Console Remote Code Execution (CVE-2021-42392)
2022-01-23 00:00:00
thn
thn
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
2022-01-07 09:31:00
suse
suse
Security update for netty3 (moderate)
2022-06-13 00:00:00
atlassian
atlassian
Bump jackson-databind dependency to 2.13.4.2
2023-01-12 09:57:47
jackson-databind Vulnerability in Bamboo Data Center and Server
2023-10-06 17:44:47
DoS (Denial of Service) com.fasterxml.jackson.core in Jira Software Data Center and Server
2023-11-12 13:45:16
debian
debian
[SECURITY] [DLA 2990-1] jackson-databind security update
2022-05-02 18:33:27
[SECURITY] [DSA 5076-1] h2database security update
2022-02-15 14:09:18
almalinux
almalinux
Moderate: jackson security update
2023-05-09 00:00:00
Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 00:00:00
oraclelinux
oraclelinux
jackson security update
2023-05-15 00:00:00
pki-core:10.6 and pki-deps:10.6 security update
2024-05-24 00:00:00
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security update
2024-06-14 13:59:30
freebsd
freebsd
kafka -- Denial Of Service vulnerability
2022-03-11 00:00:00
cgr
cgr
CVE-2020-36518 vulnerabilities
2024-05-19 03:07:16
threatpost
threatpost
Log4J-Related RCE Flaw in H2 Database Earns Critical Warning
2022-01-07 15:12:26

0.518 Medium

EPSS

Percentile

97.6%

JSON
Related for RHSA-2022:7417
redhat14nessus22veracode11github9cvelist11osv27cnvd2prion11ubuntucve5nvd11redhatcve11cve11openvas6ibm21hivepro1debiancve5githubexploit2wolfi1checkpoint_advisories1thn1suse1atlassian5debian2almalinux2oraclelinux2rocky1freebsd1cgr1threatpost1