{"url":"http://public2.vulnerablecode.io/api/packages/298111?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@17.0.0","type":"maven","namespace":"org.keycloak","name":"keycloak-parent","version":"17.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20721?format=json","vulnerability_id":"VCID-3jpe-awam-wqdz","summary":"Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization\nA flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-0707"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08154","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08113","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08216","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0827","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p","reference_id":"GHSA-gv94-wp4h-vv8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307386?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1"}],"aliases":["CVE-2026-0707","GHSA-gv94-wp4h-vv8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jpe-awam-wqdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52356?format=json","vulnerability_id":"VCID-7z49-f322-n7g8","summary":"Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console\nAn issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-2668"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64739","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64719","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64724","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6473","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64698","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668"},{"reference_url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v","reference_id":"GHSA-wf7g-7h6h-678v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80154?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2668","GHSA-wf7g-7h6h-678v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7z49-f322-n7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13963?format=json","vulnerability_id":"VCID-8cmx-d3j7-vqbz","summary":"Reflected XSS on clients-registrations endpoint\nA POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts into the user's browser.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/advisories/GHSA-m98g-63qj-fp8j","reference_id":"GHSA-m98g-63qj-fp8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m98g-63qj-fp8j"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j","reference_id":"GHSA-m98g-63qj-fp8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50027?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0"}],"aliases":["GHSA-m98g-63qj-fp8j","GMS-2022-1097"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cmx-d3j7-vqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13947?format=json","vulnerability_id":"VCID-8zrg-f41g-pqfk","summary":"ECP SAML binding bypasses authentication flows\n### Description\nA flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3827"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43248","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43259","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0151","reference_id":"RHSA-2022:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0152","reference_id":"RHSA-2022:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0155","reference_id":"RHSA-2022:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0164","reference_id":"RHSA-2022:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50027?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0"}],"aliases":["CVE-2021-3827","GHSA-4pc7-vqv5-5r3v","GMS-2022-1098"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrg-f41g-pqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52351?format=json","vulnerability_id":"VCID-cabc-jrpz-vuad","summary":"Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles\nA Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (18.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the default roles functionality. \n\n### CVSS 3.1 - **3.8**\n\n**Vector String:** AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\n\n**Vector Clarification:**\n\n* User interaction is not required as the admin console is regularly used during an administrator's work\n* The scope is unchanged since the admin console web application is both the vulnerable component and where the exploit executes\n\n### Credits\n\nAytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75469","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75383","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75393","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75418","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75452","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75457","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7536","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256"},{"reference_url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49","reference_id":"GHSA-w9mf-83w3-fv49","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80154?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2256","GHSA-w9mf-83w3-fv49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cabc-jrpz-vuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19109?format=json","vulnerability_id":"VCID-dxj3-8sk5-mfdy","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60142?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21803?format=json","vulnerability_id":"VCID-jkh6-bvx2-dycm","summary":"Keycloak Server-Side Request Forgery (SSRF) vulnerability\nA flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1518"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01411","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01396","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01673","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01576","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01675","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01671","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01696","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37","reference_id":"GHSA-fwhw-chw4-gh37","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307387?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3"}],"aliases":["CVE-2026-1518","GHSA-fwhw-chw4-gh37"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkh6-bvx2-dycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20636?format=json","vulnerability_id":"VCID-nhe2-8dtq-gqbf","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39221","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39721","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39703","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39432","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39349","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54821?format=json","vulnerability_id":"VCID-umcf-t6w5-juha","summary":"Keycloak Authentication Error\nA vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2019-14910","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2019-14910"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14910","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61865","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61914","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6191","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61859","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61878","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61915","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61903","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14910","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778265","reference_id":"1778265","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778265"},{"reference_url":"https://github.com/advisories/GHSA-jf86-9434-f8c2","reference_id":"GHSA-jf86-9434-f8c2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jf86-9434-f8c2"}],"fixed_packages":[],"aliases":["CVE-2019-14910","GHSA-jf86-9434-f8c2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umcf-t6w5-juha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52574?format=json","vulnerability_id":"VCID-xauc-r9cm-sycu","summary":"Keycloak vulnerable to path traversal via double URL encoding\nKeycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3782"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31077","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30988","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30968","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30693","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3061","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31119","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30985","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31042","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971","reference_id":"2138971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971"},{"reference_url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"GHSA-g8q8-fggx-9r3q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1285","reference_id":"RHSA-2023:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1661","reference_id":"RHSA-2023:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2041","reference_id":"RHSA-2023:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3185","reference_id":"RHSA-2023:3185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3815","reference_id":"RHSA-2023:3815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3815"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307318?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60142?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3782","GHSA-g8q8-fggx-9r3q","GMS-2022-8407"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xauc-r9cm-sycu"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@17.0.0"}