#VU72726 Configuration in Red Hat Single Sign-On - CVE-2022-4039


Published: March 2, 2023


Vulnerability identifier: #VU72726
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-4039
CWE-ID: CWE-16
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Red Hat Single Sign-On
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because Keycloak instances launched by the Operator are configured with an unsecured management interface enabled. A remote attacker on the local network can use this interface to deploy malicious code and to access and modify potentially sensitive information in the app server configuration.


Remediation

Install updates from the vendor's website.

External links