Keycloak is vulnerable to privilege escalation vulnerability. This is due to an improper implementation of the Brute Force detection algorithm as it does not enforce its protection measures. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks.
access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2
access.redhat.com/errata/RHSA-2018:3592
access.redhat.com/errata/RHSA-2018:3593
access.redhat.com/errata/RHSA-2018:3595
access.redhat.com/security/cve/CVE-2018-14637
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
issues.jboss.org/browse/JBEAP-15587