Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6497
HistorySep 09, 2024 - 3:28 p.m.

(RHSA-2024:6497) Moderate: Red Hat Single Sign-On 7.6.10 for OpenShift image enhancement update

2024-09-0915:28:01
access.redhat.com
red hat single sign-on
openshift
authentication server
user accounts
security fixes
openshift container platform

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.4

Confidence

Low

JSON

Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.

This erratum releases a new image for Red Hat Single Sign-On 7.6.10 for
use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for
on-premise or private cloud deployments, aligning with the standalone product release.

Security fixes:

  • potential bypass of brute force protection (CVE-2024-4629)
  • session fixation in elytron saml adapters (CVE-2024-7341)
  • Leak of configured LDAP bind credentials through the Keycloak admin console (CVE-2024-5967)

Related

redhat 43
nessus 65
openvas 22
osv 29
ibm 3
ubuntu 3
almalinux 7
mageia 1
oraclelinux 7
ubuntucve 1
redos 1
amazon 2
photon 3
rocky 1
redhatcve 2
cvelist 1
github 1
cve 2
vulnrichment 2
nvd 1
wolfi 1
veracode 1
redhat
redhat
(RHSA-2024:6708) Moderate: ACS 4.5 enhancement and security update
2024-09-16 18:25:39
(RHSA-2024:6495) Moderate: Red Hat Single Sign-On 7.6.10 security update on RHEL 9
2024-09-09 15:27:35
(RHSA-2024:6500) Moderate: Red Hat build of Keycloak 22.0.12 Images Update
2024-09-09 15:41:41
nessus
nessus
RHEL 8 : Red Hat Single Sign-On 7.6.10 security update on RHEL 8 (Moderate) (RHSA-2024:6494)
2024-09-09 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.10 security update on RHEL 7 (Moderate) (RHSA-2024:6493)
2024-09-09 00:00:00
RHEL 9 : Red Hat Single Sign-On 7.6.10 security update on RHEL 9 (Moderate) (RHSA-2024:6495)
2024-09-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0253)
2024-07-04 00:00:00
Debian: Security Advisory (DSA-5726-1)
2024-07-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2305-1)
2024-07-08 00:00:00
osv
osv
Moderate: krb5 security update
2024-09-03 00:00:00
krb5 - security update
2024-07-05 00:00:00
Security update for krb5
2024-07-08 12:54:19
ibm
ibm
Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)
2024-09-03 14:18:56
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5
2024-09-06 09:28:18
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF001
2024-08-08 17:11:19
ubuntu
ubuntu
Kerberos vulnerabilities
2024-08-08 00:00:00
Bind vulnerabilities
2024-08-01 00:00:00
Bind vulnerabilities
2024-08-15 00:00:00
almalinux
almalinux
Moderate: krb5 security update
2024-08-13 00:00:00
Moderate: krb5 security update
2024-09-03 00:00:00
Moderate: fence-agents security update
2024-09-04 00:00:00
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2024-07-03 19:36:28
oraclelinux
oraclelinux
krb5 security update
2024-09-03 00:00:00
krb5 security update
2024-08-13 00:00:00
resource-agents security update
2024-09-05 00:00:00
ubuntucve
ubuntucve
CVE-2024-37371
2024-06-28 00:00:00
redos
redos
ROS-20240911-04
2024-09-11 00:00:00
amazon
amazon
Medium: krb5
2024-07-18 02:00:00
Important: bind
2024-08-01 03:01:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-4.0-0679
2024-09-02 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0355
2024-08-26 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0791
2024-09-04 00:00:00
rocky
rocky
bind and bind-dyndb-ldap security update
2024-08-21 14:53:26
redhatcve
redhatcve
CVE-2024-7341
2024-09-09 14:12:08
CVE-2024-5967
2024-06-13 12:43:07
cvelist
cvelist
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
github
github
Keycloak Session Fixation vulnerability
2024-09-09 21:31:22
cve
cve
CVE-2024-7341
2024-09-09 19:15:14
CVE-2024-5967
2024-06-18 12:15:12
vulnrichment
vulnrichment
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
CVE-2024-5967 Keycloak: leak of configured ldap bind credentials through the keycloak admin console
2024-06-18 12:05:39
nvd
nvd
CVE-2024-7341
2024-09-09 19:15:14
wolfi
wolfi
CVE-2024-5967 vulnerabilities
2024-09-19 21:18:36
veracode
veracode
Credential Leakage
2024-06-19 05:56:48

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.4

Confidence

Low

JSON
Related for RHSA-2024:6497
redhat43nessus65openvas22osv29ibm3ubuntu3almalinux7mageia1oraclelinux7ubuntucve1redos1amazon2photon3rocky1redhatcve2cvelist1github1cve2vulnrichment2nvd1wolfi1veracode1