Vulnerability details: VCID-7qnt-1wwt-aaap
Vulnerability ID VCID-7qnt-1wwt-aaap
Aliases CVE-2022-3916
GHSA-97g8-xfvw-q4hg
GMS-2022-8406
Summary Keycloak vulnerable to session takeover with OIDC offline refresh tokens
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (7)
System Score Found at
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2022:8961
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2022:8961
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2022:8962
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2022:8962
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2022:8963
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2022:8963
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2022:8964
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2022:8964
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2022:8965
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2022:8965
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1043
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1043
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1044
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1044
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1045
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1045
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2023:1047
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1047
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1049
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1049
cvssv3 6.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
cvssv3.1 6.8 https://access.redhat.com/security/cve/CVE-2022-3916
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2022-3916
epss 0.00175 https://api.first.org/data/v1/epss?cve=CVE-2022-3916
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2022-3916
epss 0.00226 https://api.first.org/data/v1/epss?cve=CVE-2022-3916
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2022-3916
epss 0.00695 https://api.first.org/data/v1/epss?cve=CVE-2022-3916
cvssv3.1 6.8 https://bugzilla.redhat.com/show_bug.cgi?id=2141404
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2141404
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-97g8-xfvw-q4hg
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
cvssv3 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3916
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3916
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2022:8961
https://access.redhat.com/errata/RHSA-2022:8962
https://access.redhat.com/errata/RHSA-2022:8963
https://access.redhat.com/errata/RHSA-2022:8964
https://access.redhat.com/errata/RHSA-2022:8965
https://access.redhat.com/errata/RHSA-2023:1043
https://access.redhat.com/errata/RHSA-2023:1044
https://access.redhat.com/errata/RHSA-2023:1045
https://access.redhat.com/errata/RHSA-2023:1047
https://access.redhat.com/errata/RHSA-2023:1049
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
https://access.redhat.com/security/cve/CVE-2022-3916
https://api.first.org/data/v1/epss?cve=CVE-2022-3916
https://bugzilla.redhat.com/show_bug.cgi?id=2141404
https://github.com/keycloak/keycloak
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
CVE-2022-3916 https://nvd.nist.gov/vuln/detail/CVE-2022-3916
GHSA-97g8-xfvw-q4hg https://github.com/advisories/GHSA-97g8-xfvw-q4hg
GHSA-97g8-xfvw-q4hg https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
No exploits are available.
CVSS v3.1 vectors. Metrics: Attack Vector (AV), Attack Complexity (AC), Privileges Required (PR), User Interaction (UI), Scope (S), Confidentiality Impact (C), Integrity Impact (I), Availability Impact (A).

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
AV: network, AC: high, PR: low, UI: none, S: unchanged, C: high, I: high, A: none
Found at https://access.redhat.com/errata/RHSA-2022:8961
Found at https://access.redhat.com/errata/RHSA-2022:8962
Found at https://access.redhat.com/errata/RHSA-2022:8963
Found at https://access.redhat.com/errata/RHSA-2022:8964
Found at https://access.redhat.com/errata/RHSA-2022:8965
Found at https://access.redhat.com/errata/RHSA-2023:1047
Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
Found at https://access.redhat.com/security/cve/CVE-2022-3916
Found at https://bugzilla.redhat.com/show_bug.cgi?id=2141404
Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3916

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AV: network, AC: low, PR: none, UI: required, S: unchanged, C: high, I: high, A: none
Found at https://access.redhat.com/errata/RHSA-2023:1043
Found at https://access.redhat.com/errata/RHSA-2023:1044
Found at https://access.redhat.com/errata/RHSA-2023:1045
Found at https://access.redhat.com/errata/RHSA-2023:1049

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AV: network, AC: high, PR: none, UI: required, S: unchanged, C: high, I: high, A: none
Found at https://github.com/keycloak/keycloak
Exploit Prediction Scoring System (EPSS)
Percentile 0.55364
EPSS Score 0.00175
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.