Multiple vulnerabilities in Red Hat Single Sign-On 7.6



Published: 2023-03-02 | Updated: 2023-04-07
Risk High
Patch available YES
Number of vulnerabilities 33
CVE-ID CVE-2022-42004
CVE-2022-38749
CVE-2022-38750
CVE-2022-38751
CVE-2022-40149
CVE-2022-40150
CVE-2022-42003
CVE-2022-45047
CVE-2022-31129
CVE-2022-45693
CVE-2022-46175
CVE-2022-46363
CVE-2022-46364
CVE-2023-0091
CVE-2023-0264
CVE-2022-37603
CVE-2022-25857
CVE-2018-14040
CVE-2022-1274
CVE-2018-14042
CVE-2019-11358
CVE-2020-11022
CVE-2020-11023
CVE-2021-35065
CVE-2021-44906
CVE-2022-1438
CVE-2022-24785
CVE-2022-1471
CVE-2022-2237
CVE-2022-2764
CVE-2022-3782
CVE-2022-3916
CVE-2022-4137
CWE-ID CWE-400
CWE-121
CWE-787
CWE-502
CWE-185
CWE-94
CWE-200
CWE-918
CWE-285
CWE-288
CWE-79
CWE-22
CWE-601
CWE-399
CWE-613
Exploitation vector Network
Public exploit Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #20 is available.
Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #22 is available.
Public exploit code for vulnerability #23 is available.
Vulnerable software
Subscribe
Red Hat Single Sign-On
Server applications / Directory software, identity management

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 33 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU68832

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42004

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control usage of deeply nested arrays in BeanDeserializer._deserializeFromArray. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Stack-based buffer overflow

EUVDB-ID: #VU67666

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-38749

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Stack-based buffer overflow

EUVDB-ID: #VU67668

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-38750

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds write

EUVDB-ID: #VU67663

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-38751

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted YAML input. A remote attacker can pass a specially crafted YAML file to the application, trigger out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU69673

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40149

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted XML or JSON data. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Resource exhaustion

EUVDB-ID: #VU69674

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40150

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing untrusted XML or JSON data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Deserialization of Untrusted Data

EUVDB-ID: #VU68635

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42003

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure input validation when processing serialized data when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Deserialization of Untrusted Data

EUVDB-ID: #VU70530

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-45047

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Incorrect Regular Expression

EUVDB-ID: #VU65835

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31129

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds write

EUVDB-ID: #VU71109

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-45693

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack..

The vulnerability exists due to a boundary error when processing data passed via the map parameter. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Prototype pollution

EUVDB-ID: #VU71577

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-46175

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the JSON5.parse() function. A remote attacker can inject and execute arbitrary script code.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Information disclosure

EUVDB-ID: #VU70443

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-46363

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. A remote attacker can gain list directories on the system or exfiltrate code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU70444

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-46364

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when parsing the href attribute of XOP:Include in MTOM requests. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Improper Authorization

EUVDB-ID: #VU71139

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2023-0091

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to missing authorization of a revoked token in the client-registration endpoints. A remote attacker with ability to obtain a revoked token gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU72725

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2023-0264

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote user to impersonate application users.

The vulnerability exists due to an error when handling authentication requests in the OpenID Connect user authentication. A remote authenticated user who can obtain a certain piece of info from a victim's user request from the same realm can use that data to impersonate the victim and generate new session tokens.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Incorrect Regular Expression

EUVDB-ID: #VU70121

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-37603

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing URL within the interpolateName() function in interpolateName.js. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Resource exhaustion

EUVDB-ID: #VU67665

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25857

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Cross-site scripting

EUVDB-ID: #VU13901

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14040

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-parent attribute of the collapse plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Cross-site scripting

EUVDB-ID: #VU72722

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1274

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Keyckloak Admin REST API. A remote user attacker can inject and execute arbitrary HTML code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Cross-site scripting

EUVDB-ID: #VU13902

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14042

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-container property of the tooltip plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Prototype pollution

EUVDB-ID: #VU18092

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11358

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to prototype pollution. A remote attacker can trick the extend function can into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Cross-site scripting

EUVDB-ID: #VU27052

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Cross-site scripting

EUVDB-ID: #VU27519

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11023

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Resource exhaustion

EUVDB-ID: #VU55102

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35065

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing regular expressions. A remote attacker can trigger resource exhaustion and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

25) Resource exhaustion

EUVDB-ID: #VU64030

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-44906

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

26) Stored cross-site scripting

EUVDB-ID: #VU72724

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1438

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data during user impersonation. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

27) Path traversal

EUVDB-ID: #VU62463

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24785

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

28) Deserialization of Untrusted Data

EUVDB-ID: #VU70385

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1471

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

29) Open redirect

EUVDB-ID: #VU72727

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2237

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param 'prompt=none'. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

30) Resource management error

EUVDB-ID: #VU69919

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2764

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the UndertowInputStream.close() method related to EJB invocations. A remote attacker can force the application to keep the connection open and consume all available server resources.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

31) Path traversal

EUVDB-ID: #VU70169

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3782

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform path traversal attacks.

The vulnerability exists due to insufficient validation of URLs included in a redirect. A remote attacker can construct a malicious request to bypass validation by using double encoding, access other URLs and potentially sensitive information within the domain.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

32) Insufficient Session Expiration

EUVDB-ID: #VU70166

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3916

CWE-ID: CWE-613 - Insufficient Session Expiration

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to reuse of session ids across root and user authentication sessions when using a client with the offline_access scope. An attacker with ability to obtain the root session ID can utilize the refresh token and authenticate to the application as another user.

The issue affects shared environments, where the attacker is able to obtain victim's cookies after the victim logs out.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

33) Cross-site scripting

EUVDB-ID: #VU72723

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-4137

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in OpenID connect login service. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Single Sign-On: 7.6.0 - 7.6.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:1049


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###