{"url":"http://public2.vulnerablecode.io/api/packages/100360?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@9.0.15-1.redhat_00002.1?arch=el6sso","type":"rpm","namespace":"redhat","name":"rh-sso7-keycloak","version":"9.0.15-1.redhat_00002.1","qualifiers":{"arch":"el6sso"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53187?format=json","vulnerability_id":"VCID-14c3-xa9j-mbab","summary":"Incorrect implementation of lockout feature in Keycloak\nA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41881","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41852","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41925","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4194","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41856","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42156","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11721?format=json","vulnerability_id":"VCID-e6xc-qk88-nqcr","summary":"Allocation of Resources Without Limits or Throttling\nThis affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28491.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28491","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59722","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59737","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59731","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59711","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59698","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59647","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59677","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59579","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62657","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62573","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62621","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62672","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62632","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-dataformats-binary","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-dataformats-binary"},{"reference_url":"https://github.com/FasterXML/jackson-dataformats-binary/commit/3d7de83423f8f68f8e9a0c8250084e11818544c7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-dataformats-binary/commit/3d7de83423f8f68f8e9a0c8250084e11818544c7"},{"reference_url":"https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"},{"reference_url":"https://github.com/FasterXML/jackson-dataformats-binary/issues/186","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-dataformats-binary/issues/186"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930423","reference_id":"1930423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983664","reference_id":"983664","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983664"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28491","reference_id":"CVE-2020-28491","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28491"},{"reference_url":"https://github.com/advisories/GHSA-xmc8-26q4-qjhx","reference_id":"GHSA-xmc8-26q4-qjhx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmc8-26q4-qjhx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3125","reference_id":"RHSA-2021:3125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3880","reference_id":"RHSA-2021:3880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4767","reference_id":"RHSA-2021:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4918","reference_id":"RHSA-2021:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5134","reference_id":"RHSA-2021:5134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0296","reference_id":"RHSA-2022:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0297","reference_id":"RHSA-2022:0297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0721","reference_id":"RHSA-2022:0721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0727","reference_id":"RHSA-2022:0727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0728","reference_id":"RHSA-2022:0728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0728"}],"fixed_packages":[],"aliases":["CVE-2020-28491","GHSA-xmc8-26q4-qjhx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6xc-qk88-nqcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53144?format=json","vulnerability_id":"VCID-gndk-728r-9yh7","summary":"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow\nA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66215","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66179","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66194","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53314?format=json","vulnerability_id":"VCID-j1rd-aem6-vfgj","summary":"Keycloak vulnerable to Improper Certificate Validation\nkeycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.\n\nThis issue was partially fixed in version [13.0.1](https://github.com/keycloak/keycloak/pull/6330) and more completely fixed in version [14.0.0](https://github.com/keycloak/keycloak/pull/8067).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T19:38:02Z/"}],"url":"https://access.redhat.com/security/cve/cve-2020-35509"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24772","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2498","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2495","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24923","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24854","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24762","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24753","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25021","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25137","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912427","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912427"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76"},{"reference_url":"https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb"},{"reference_url":"https://github.com/keycloak/keycloak/pull/6330","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/6330"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8067","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8067"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35509"},{"reference_url":"https://security.archlinux.org/ASA-202106-53","reference_id":"ASA-202106-53","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-53"},{"reference_url":"https://security.archlinux.org/AVG-2084","reference_id":"AVG-2084","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2084"},{"reference_url":"https://github.com/advisories/GHSA-rpj2-w6fr-79hc","reference_id":"GHSA-rpj2-w6fr-79hc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rpj2-w6fr-79hc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[],"aliases":["CVE-2020-35509","GHSA-rpj2-w6fr-79hc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1rd-aem6-vfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10894?format=json","vulnerability_id":"VCID-xdfe-9zr4-47ax","summary":"Allocation of Resources Without Limits or Throttling\nA flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64597","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64538","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64512","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64559","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64603","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64574","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64437","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64468","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64475","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64491","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64467","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64505","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64526","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637","reference_id":"CVE-2021-3637","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637"},{"reference_url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6","reference_id":"GHSA-2vp8-jv5v-6qh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[],"aliases":["CVE-2021-3637","GHSA-2vp8-jv5v-6qh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdfe-9zr4-47ax"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@9.0.15-1.redhat_00002.1%3Farch=el6sso"}