Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs?arch=el6
Type rpm
Namespace redhat
Name rh-sso7-keycloak
Version 2.5.14-1.Final_redhat_1.1.jbcs
Qualifiers
arch el6
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-4bbz-11ta-ybft
vulnerability_id VCID-4bbz-11ta-ybft
summary jasypt before 1.9.2 allows a timing attack against the password hash comparison.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2546
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2546
1
reference_url https://access.redhat.com/errata/RHSA-2017:2547
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2547
2
reference_url https://access.redhat.com/errata/RHSA-2017:2808
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2808
3
reference_url https://access.redhat.com/errata/RHSA-2017:2809
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2809
4
reference_url https://access.redhat.com/errata/RHSA-2017:2810
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2810
5
reference_url https://access.redhat.com/errata/RHSA-2017:2811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2811
6
reference_url https://access.redhat.com/errata/RHSA-2017:3141
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3141
7
reference_url https://access.redhat.com/errata/RHSA-2018:0294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0294
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9970.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9970.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9970
reference_id
reference_type
scores
0
value 0.00701
scoring_system epss
scoring_elements 0.72074
published_at 2026-04-18T12:55:00Z
1
value 0.00701
scoring_system epss
scoring_elements 0.72033
published_at 2026-04-09T12:55:00Z
2
value 0.00701
scoring_system epss
scoring_elements 0.72056
published_at 2026-04-11T12:55:00Z
3
value 0.00701
scoring_system epss
scoring_elements 0.7204
published_at 2026-04-12T12:55:00Z
4
value 0.00701
scoring_system epss
scoring_elements 0.72025
published_at 2026-04-13T12:55:00Z
5
value 0.00701
scoring_system epss
scoring_elements 0.72066
published_at 2026-04-16T12:55:00Z
6
value 0.00701
scoring_system epss
scoring_elements 0.71978
published_at 2026-04-01T12:55:00Z
7
value 0.00701
scoring_system epss
scoring_elements 0.71986
published_at 2026-04-02T12:55:00Z
8
value 0.00701
scoring_system epss
scoring_elements 0.72006
published_at 2026-04-04T12:55:00Z
9
value 0.00701
scoring_system epss
scoring_elements 0.71982
published_at 2026-04-07T12:55:00Z
10
value 0.00701
scoring_system epss
scoring_elements 0.7202
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9970
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9970
11
reference_url https://github.com/jboss-fuse/jasypt/commit/8e62852a8018978ee19d39056c650fb66ffa0ff6
reference_id
reference_type
scores
url https://github.com/jboss-fuse/jasypt/commit/8e62852a8018978ee19d39056c650fb66ffa0ff6
12
reference_url https://sourceforge.net/p/jasypt/code/668
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sourceforge.net/p/jasypt/code/668
13
reference_url https://sourceforge.net/p/jasypt/code/668/
reference_id
reference_type
scores
url https://sourceforge.net/p/jasypt/code/668/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1455566
reference_id 1455566
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1455566
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9970
reference_id CVE-2014-9970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9970
16
reference_url https://github.com/advisories/GHSA-r5c2-rxh2-f5h2
reference_id GHSA-r5c2-rxh2-f5h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5c2-rxh2-f5h2
fixed_packages
aliases CVE-2014-9970, GHSA-r5c2-rxh2-f5h2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bbz-11ta-ybft
1
url VCID-9bn2-agpc-hfdz
vulnerability_id VCID-9bn2-agpc-hfdz
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12158
reference_id
reference_type
scores
0
value 0.00668
scoring_system epss
scoring_elements 0.71232
published_at 2026-04-07T12:55:00Z
1
value 0.00668
scoring_system epss
scoring_elements 0.71331
published_at 2026-04-18T12:55:00Z
2
value 0.00668
scoring_system epss
scoring_elements 0.71257
published_at 2026-04-04T12:55:00Z
3
value 0.00668
scoring_system epss
scoring_elements 0.71273
published_at 2026-04-08T12:55:00Z
4
value 0.00668
scoring_system epss
scoring_elements 0.71325
published_at 2026-04-16T12:55:00Z
5
value 0.00668
scoring_system epss
scoring_elements 0.71279
published_at 2026-04-13T12:55:00Z
6
value 0.00668
scoring_system epss
scoring_elements 0.71294
published_at 2026-04-12T12:55:00Z
7
value 0.00668
scoring_system epss
scoring_elements 0.71231
published_at 2026-04-01T12:55:00Z
8
value 0.00668
scoring_system epss
scoring_elements 0.7131
published_at 2026-04-11T12:55:00Z
9
value 0.00668
scoring_system epss
scoring_elements 0.71287
published_at 2026-04-09T12:55:00Z
10
value 0.00668
scoring_system epss
scoring_elements 0.71239
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12158
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1489161
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1489161
6
reference_url https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618
7
reference_url http://www.securityfocus.com/bid/101618
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101618
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12158
reference_id CVE-2017-12158
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12158
14
reference_url https://github.com/advisories/GHSA-v38p-mqq3-m6v5
reference_id GHSA-v38p-mqq3-m6v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v38p-mqq3-m6v5
fixed_packages
aliases CVE-2017-12158, GHSA-v38p-mqq3-m6v5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bn2-agpc-hfdz
2
url VCID-f763-ps3s-b3ep
vulnerability_id VCID-f763-ps3s-b3ep
summary It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12159
reference_id
reference_type
scores
0
value 0.00588
scoring_system epss
scoring_elements 0.69172
published_at 2026-04-18T12:55:00Z
1
value 0.00588
scoring_system epss
scoring_elements 0.69075
published_at 2026-04-02T12:55:00Z
2
value 0.00588
scoring_system epss
scoring_elements 0.69097
published_at 2026-04-04T12:55:00Z
3
value 0.00588
scoring_system epss
scoring_elements 0.69078
published_at 2026-04-07T12:55:00Z
4
value 0.00588
scoring_system epss
scoring_elements 0.69128
published_at 2026-04-08T12:55:00Z
5
value 0.00588
scoring_system epss
scoring_elements 0.69147
published_at 2026-04-09T12:55:00Z
6
value 0.00588
scoring_system epss
scoring_elements 0.69169
published_at 2026-04-11T12:55:00Z
7
value 0.00588
scoring_system epss
scoring_elements 0.69153
published_at 2026-04-12T12:55:00Z
8
value 0.00588
scoring_system epss
scoring_elements 0.69124
published_at 2026-04-13T12:55:00Z
9
value 0.00588
scoring_system epss
scoring_elements 0.69163
published_at 2026-04-16T12:55:00Z
10
value 0.00588
scoring_system epss
scoring_elements 0.69059
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12159
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1484111
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1484111
6
reference_url https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239
7
reference_url https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
8
reference_url http://www.securityfocus.com/bid/101601
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101601
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12159
reference_id CVE-2017-12159
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12159
15
reference_url https://github.com/advisories/GHSA-7fmw-85qm-h22p
reference_id GHSA-7fmw-85qm-h22p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fmw-85qm-h22p
fixed_packages
aliases CVE-2017-12159, GHSA-7fmw-85qm-h22p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f763-ps3s-b3ep
3
url VCID-tj32-sye9-gqfe
vulnerability_id VCID-tj32-sye9-gqfe
summary It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12197.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12197.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12197
reference_id
reference_type
scores
0
value 0.00506
scoring_system epss
scoring_elements 0.66269
published_at 2026-04-18T12:55:00Z
1
value 0.00506
scoring_system epss
scoring_elements 0.66144
published_at 2026-04-01T12:55:00Z
2
value 0.00506
scoring_system epss
scoring_elements 0.66185
published_at 2026-04-02T12:55:00Z
3
value 0.00506
scoring_system epss
scoring_elements 0.66212
published_at 2026-04-04T12:55:00Z
4
value 0.00506
scoring_system epss
scoring_elements 0.66181
published_at 2026-04-07T12:55:00Z
5
value 0.00506
scoring_system epss
scoring_elements 0.66229
published_at 2026-04-08T12:55:00Z
6
value 0.00506
scoring_system epss
scoring_elements 0.66242
published_at 2026-04-09T12:55:00Z
7
value 0.00506
scoring_system epss
scoring_elements 0.66262
published_at 2026-04-11T12:55:00Z
8
value 0.00506
scoring_system epss
scoring_elements 0.66249
published_at 2026-04-12T12:55:00Z
9
value 0.00506
scoring_system epss
scoring_elements 0.66218
published_at 2026-04-13T12:55:00Z
10
value 0.00506
scoring_system epss
scoring_elements 0.66254
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12197
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1503103
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1503103
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197
7
reference_url https://github.com/kohsuke/libpam4j
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kohsuke/libpam4j
8
reference_url https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kohsuke/libpam4j/commit/02ffdff218283629ba4a902e7fe2fd44646abc21
9
reference_url https://github.com/kohsuke/libpam4j/issues/18
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kohsuke/libpam4j/issues/18
10
reference_url https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
reference_id
reference_type
scores
url https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
11
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html
12
reference_url https://www.debian.org/security/2017/dsa-4025
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4025
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12197
reference_id CVE-2017-12197
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12197
14
reference_url https://github.com/advisories/GHSA-x9rg-q5fx-fx66
reference_id GHSA-x9rg-q5fx-fx66
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x9rg-q5fx-fx66
fixed_packages
aliases CVE-2017-12197, GHSA-x9rg-q5fx-fx66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tj32-sye9-gqfe
4
url VCID-w7ds-xt1u-9uf9
vulnerability_id VCID-w7ds-xt1u-9uf9
summary
Improper Authentication
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12160
reference_id
reference_type
scores
0
value 0.00571
scoring_system epss
scoring_elements 0.68679
published_at 2026-04-18T12:55:00Z
1
value 0.00571
scoring_system epss
scoring_elements 0.68582
published_at 2026-04-02T12:55:00Z
2
value 0.00571
scoring_system epss
scoring_elements 0.686
published_at 2026-04-04T12:55:00Z
3
value 0.00571
scoring_system epss
scoring_elements 0.68577
published_at 2026-04-07T12:55:00Z
4
value 0.00571
scoring_system epss
scoring_elements 0.68629
published_at 2026-04-13T12:55:00Z
5
value 0.00571
scoring_system epss
scoring_elements 0.68647
published_at 2026-04-09T12:55:00Z
6
value 0.00571
scoring_system epss
scoring_elements 0.68671
published_at 2026-04-11T12:55:00Z
7
value 0.00571
scoring_system epss
scoring_elements 0.68658
published_at 2026-04-12T12:55:00Z
8
value 0.00571
scoring_system epss
scoring_elements 0.68668
published_at 2026-04-16T12:55:00Z
9
value 0.00571
scoring_system epss
scoring_elements 0.68563
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12160
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1484154
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1484154
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12160
reference_id CVE-2017-12160
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12160
9
reference_url https://github.com/advisories/GHSA-qc72-gfvw-76h7
reference_id GHSA-qc72-gfvw-76h7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc72-gfvw-76h7
fixed_packages
aliases CVE-2017-12160, GHSA-qc72-gfvw-76h7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7ds-xt1u-9uf9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs%3Farch=el6