Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/110801?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/110801?format=api", "purl": "pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs?arch=el7", "type": "rpm", "namespace": "redhat", "name": "rh-sso7-keycloak", "version": "2.5.14-1.Final_redhat_1.1.jbcs", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4900?format=api", "vulnerability_id": "VCID-4bbz-11ta-ybft", "summary": "jasypt before 1.9.2 allows a timing attack against the password hash comparison.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2546", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2547", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2808", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2809", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2810", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2811", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3141", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0294", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0294" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9970.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.7204", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.71978", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.71986", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72006", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.71982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72033", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.7202", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72066", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9970" }, { "reference_url": "https://github.com/jboss-fuse/jasypt/commit/8e62852a8018978ee19d39056c650fb66ffa0ff6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jboss-fuse/jasypt/commit/8e62852a8018978ee19d39056c650fb66ffa0ff6" }, { "reference_url": "https://sourceforge.net/p/jasypt/code/668", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sourceforge.net/p/jasypt/code/668" }, { "reference_url": "https://sourceforge.net/p/jasypt/code/668/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceforge.net/p/jasypt/code/668/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566", "reference_id": "1455566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970", "reference_id": "CVE-2014-9970", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970" }, { "reference_url": "https://github.com/advisories/GHSA-r5c2-rxh2-f5h2", "reference_id": "GHSA-r5c2-rxh2-f5h2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5c2-rxh2-f5h2" } ], "fixed_packages": [], "aliases": [ "CVE-2014-9970", "GHSA-r5c2-rxh2-f5h2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bbz-11ta-ybft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14993?format=api", "vulnerability_id": "VCID-9bn2-agpc-hfdz", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIt was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71325", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71279", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71294", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.7131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71231", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71273", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161" }, { "reference_url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618" }, { "reference_url": "http://www.securityfocus.com/bid/101618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101618" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158", "reference_id": "CVE-2017-12158", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158" }, { "reference_url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5", "reference_id": "GHSA-v38p-mqq3-m6v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12158", "GHSA-v38p-mqq3-m6v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bn2-agpc-hfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5051?format=api", "vulnerability_id": "VCID-f763-ps3s-b3ep", "summary": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69059", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69078", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69147", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69169", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69124", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239" }, { "reference_url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601" }, { "reference_url": "http://www.securityfocus.com/bid/101601", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101601" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159", "reference_id": "CVE-2017-12159", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159" }, { "reference_url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p", "reference_id": "GHSA-7fmw-85qm-h22p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12159", "GHSA-7fmw-85qm-h22p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f763-ps3s-b3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4590?format=api", "vulnerability_id": "VCID-tj32-sye9-gqfe", "summary": "It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66254", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66212", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66181", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66242", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66218", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197" }, { "reference_url": "https://github.com/kohsuke/libpam4j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kohsuke/libpam4j" }, { "reference_url": "https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21" }, { "reference_url": "https://github.com/kohsuke/libpam4j/issues/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kohsuke/libpam4j/issues/18" }, { "reference_url": "https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4025" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197", "reference_id": "CVE-2017-12197", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197" }, { "reference_url": "https://github.com/advisories/GHSA-x9rg-q5fx-fx66", "reference_id": "GHSA-x9rg-q5fx-fx66", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9rg-q5fx-fx66" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12197", "GHSA-x9rg-q5fx-fx66" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj32-sye9-gqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14396?format=api", "vulnerability_id": "VCID-w7ds-xt1u-9uf9", "summary": "Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68563", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.686", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68629", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.68658", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160", "reference_id": "CVE-2017-12160", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160" }, { "reference_url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7", "reference_id": "GHSA-qc72-gfvw-76h7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12160", "GHSA-qc72-gfvw-76h7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7ds-xt1u-9uf9" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs%3Farch=el7" }