Vulnerability details: VCID-79zh-qj1t-7yeg
Vulnerability ID VCID-79zh-qj1t-7yeg
Aliases CVE-2024-8698
GHSA-4xx7-2cx3-x473
Summary keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6878
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6878
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6878
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6878
ssvc Track https://access.redhat.com/errata/RHSA-2024:6878
ssvc Track https://access.redhat.com/errata/RHSA-2024:6878
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6879
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6879
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6879
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6879
ssvc Track https://access.redhat.com/errata/RHSA-2024:6879
ssvc Track https://access.redhat.com/errata/RHSA-2024:6879
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6880
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6880
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6880
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6880
ssvc Track https://access.redhat.com/errata/RHSA-2024:6880
ssvc Track https://access.redhat.com/errata/RHSA-2024:6880
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6882
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6882
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6882
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6882
ssvc Track https://access.redhat.com/errata/RHSA-2024:6882
ssvc Track https://access.redhat.com/errata/RHSA-2024:6882
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6886
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6886
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6886
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6886
ssvc Track https://access.redhat.com/errata/RHSA-2024:6886
ssvc Track https://access.redhat.com/errata/RHSA-2024:6886
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6887
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6887
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6887
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6887
ssvc Track https://access.redhat.com/errata/RHSA-2024:6887
ssvc Track https://access.redhat.com/errata/RHSA-2024:6887
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6888
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6888
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6888
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6888
ssvc Track https://access.redhat.com/errata/RHSA-2024:6888
ssvc Track https://access.redhat.com/errata/RHSA-2024:6888
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6889
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6889
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6889
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6889
ssvc Track https://access.redhat.com/errata/RHSA-2024:6889
ssvc Track https://access.redhat.com/errata/RHSA-2024:6889
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6890
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:6890
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6890
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6890
ssvc Track https://access.redhat.com/errata/RHSA-2024:6890
ssvc Track https://access.redhat.com/errata/RHSA-2024:6890
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:8823
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8823
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8823
ssvc Track https://access.redhat.com/errata/RHSA-2024:8823
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:8824
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8824
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8824
ssvc Track https://access.redhat.com/errata/RHSA-2024:8824
cvssv3.1 7.7 https://access.redhat.com/errata/RHSA-2024:8826
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8826
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8826
ssvc Track https://access.redhat.com/errata/RHSA-2024:8826
cvssv3 7.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json
cvssv3.1 7.7 https://access.redhat.com/security/cve/CVE-2024-8698
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-8698
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2024-8698
ssvc Track https://access.redhat.com/security/cve/CVE-2024-8698
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.01145 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.01237 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.29397 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.41706 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.76172 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.78443 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
epss 0.7958 https://api.first.org/data/v1/epss?cve=CVE-2024-8698
cvssv3.1 7.7 https://bugzilla.redhat.com/show_bug.cgi?id=2311641
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2311641
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2311641
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2311641
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4xx7-2cx3-x473
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4xx7-2cx3-x473
cvssv3.1 6.8 https://github.com/keycloak/keycloak
cvssv3.1 7.7 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 7.7 https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
generic_textual HIGH https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
generic_textual MODERATE https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
ssvc Track https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
cvssv3.1 6.8 https://github.com/keycloak/keycloak/releases/tag/25.0.6
cvssv3.1 7.7 https://github.com/keycloak/keycloak/releases/tag/25.0.6
generic_textual HIGH https://github.com/keycloak/keycloak/releases/tag/25.0.6
generic_textual MODERATE https://github.com/keycloak/keycloak/releases/tag/25.0.6
cvssv3 7.7 https://nvd.nist.gov/vuln/detail/CVE-2024-8698
cvssv3.1 7.7 https://nvd.nist.gov/vuln/detail/CVE-2024-8698
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-8698
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-8698
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json
https://access.redhat.com/security/cve/CVE-2024-8698
https://api.first.org/data/v1/epss?cve=CVE-2024-8698
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
https://github.com/keycloak/keycloak/releases/tag/25.0.6
https://nvd.nist.gov/vuln/detail/CVE-2024-8698
2311641 https://bugzilla.redhat.com/show_bug.cgi?id=2311641
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:22::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
cpe:/a:redhat:build_keycloak:24 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
cpe:/a:redhat:build_keycloak:24::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
GHSA-4xx7-2cx3-x473 https://github.com/advisories/GHSA-4xx7-2cx3-x473
RHSA-2024:6878 https://access.redhat.com/errata/RHSA-2024:6878
RHSA-2024:6879 https://access.redhat.com/errata/RHSA-2024:6879
RHSA-2024:6880 https://access.redhat.com/errata/RHSA-2024:6880
RHSA-2024:6882 https://access.redhat.com/errata/RHSA-2024:6882
RHSA-2024:6886 https://access.redhat.com/errata/RHSA-2024:6886
RHSA-2024:6887 https://access.redhat.com/errata/RHSA-2024:6887
RHSA-2024:6888 https://access.redhat.com/errata/RHSA-2024:6888
RHSA-2024:6889 https://access.redhat.com/errata/RHSA-2024:6889
RHSA-2024:6890 https://access.redhat.com/errata/RHSA-2024:6890
RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8823
RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8824
RHSA-2024:8826 https://access.redhat.com/errata/RHSA-2024:8826
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6878
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6878
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6878

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6878
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6879
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6879
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6879

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6879
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6880
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6880
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6880

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6880
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6882
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6882
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6882

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6882
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6886
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6886
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6886

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6886
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6887
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6887
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6887

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6887
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6888
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6888
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6888

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6888
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6889
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6889
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6889

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6889
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6890
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:6890
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6890

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:6890
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:8823
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:8823
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:8824
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:8824
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:8826
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/errata/RHSA-2024:8826
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2024-8698
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://access.redhat.com/security/cve/CVE-2024-8698
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2311641
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2311641
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/ Found at https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak/releases/tag/25.0.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/keycloak/keycloak/releases/tag/25.0.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8698
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8698
Exploit Prediction Scoring System (EPSS)
Percentile 0.32963
EPSS Score 0.00071
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-19T21:31:46.159895+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json 34.0.1