Package details: pkg:rpm/redhat/rh-sso7@1-5?arch=el9sso
purl pkg:rpm/redhat/rh-sso7@1-5?arch=el9sso
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-5tzs-qhg5-rbbe
Aliases:
CVE-2021-42575
GHSA-3w73-fmf3-hg5c
Improper Input Validation. The OWASP Java HTML Sanitizer does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. There are no reported fixed by versions.
VCID-7z49-f322-n7g8
Aliases:
CVE-2022-2668
GHSA-wf7g-7h6h-678v
Keycloak SAML JavaScript protocol mapper: Uploading of scripts through admin console. An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled. There are no reported fixed by versions.
VCID-93ut-2de3-ckc5
Aliases:
CVE-2022-1319
undertow: Double AJP response for 400 from EAP 7 results in CPING failures. There are no reported fixed by versions.
VCID-e3vc-jpft-gye7
Aliases:
CVE-2022-0084
GHSA-76fg-mhrg-fmmg
XNIO `notifyReadClosed` method logging message to unexpected end. A flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository. There are no reported fixed by versions.
VCID-jstt-6zs3-ybew
Aliases:
CVE-2021-42392
GHSA-h376-j262-vhq6
GMS-2022-7
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2. There are no reported fixed by versions.
VCID-n23y-qjaf-tfcm
Aliases:
CVE-2022-0225
GHSA-fqc7-5xxc-ph7r
Keycloak XSS via use of malicious payload as group name when creating new group from admin console. A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack. There are no reported fixed by versions.
VCID-sk2v-nmmr-h7d1
Aliases:
CVE-2022-0853
jboss-client: memory leakage in remote client transaction. There are no reported fixed by versions.
VCID-swu5-a9h5-ffex
Aliases:
CVE-2021-43797
GHSA-wx5j-54mm-rqqq
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'). This CVE has been marked as a False Positive and has been removed. There are no reported fixed by versions.
VCID-v45q-vzz5-4bgd
Aliases:
CVE-2022-0866
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled. There are no reported fixed by versions.
VCID-v6ek-y7cn-kycd
Aliases:
CVE-2020-36518
GHSA-57j2-w4cx-62h2
Uncontrolled Resource Consumption. jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. There are no reported fixed by versions.
VCID-zy5r-wxv8-g3e8
Aliases:
CVE-2022-23913
GHSA-pr38-qpxm-g88x
Uncontrolled Resource Consumption. In Apache ActiveMQ Artemis, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:05:01.587454+00:00 RedHat Importer Affected by VCID-v6ek-y7cn-kycd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json 38.0.0
2026-04-01T14:01:15.772206+00:00 RedHat Importer Affected by VCID-5tzs-qhg5-rbbe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42575.json 38.0.0
2026-04-01T14:00:55.016082+00:00 RedHat Importer Affected by VCID-swu5-a9h5-ffex https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json 38.0.0
2026-04-01T14:00:36.333912+00:00 RedHat Importer Affected by VCID-jstt-6zs3-ybew https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json 38.0.0
2026-04-01T14:00:29.898822+00:00 RedHat Importer Affected by VCID-n23y-qjaf-tfcm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json 38.0.0
2026-04-01T13:59:45.087134+00:00 RedHat Importer Affected by VCID-zy5r-wxv8-g3e8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23913.json 38.0.0
2026-04-01T13:59:29.195633+00:00 RedHat Importer Affected by VCID-sk2v-nmmr-h7d1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0853.json 38.0.0
2026-04-01T13:59:13.076552+00:00 RedHat Importer Affected by VCID-e3vc-jpft-gye7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json 38.0.0
2026-04-01T13:59:00.135451+00:00 RedHat Importer Affected by VCID-93ut-2de3-ckc5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json 38.0.0
2026-04-01T13:58:39.006265+00:00 RedHat Importer Affected by VCID-v45q-vzz5-4bgd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json 38.0.0
2026-04-01T13:57:28.111408+00:00 RedHat Importer Affected by VCID-7z49-f322-n7g8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json 38.0.0