keycloak-services is vulnerable to user deletion through an incorrect permissions check. A malicious user that has access to a service account can delete users in a seperate realm.
rhn.redhat.com/errata/RHSA-2017-0876.html
www.securityfocus.com/bid/97392
www.securitytracker.com/id/1038180
access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/
access.redhat.com/errata/RHSA-2017:0872
access.redhat.com/errata/RHSA-2017:0873
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1388988
issues.jboss.org/browse/RHSSO-427