Vulnerability details: VCID-kzst-61uh-aaag
Vulnerability ID VCID-kzst-61uh-aaag
Aliases CVE-2022-2232
GHSA-8hc5-rmgf-qx6p
Summary Keycloak vulnerable to LDAP Injection on UsernameForm Login
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0094
ssvc Track https://access.redhat.com/errata/RHSA-2024:0094
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0095
ssvc Track https://access.redhat.com/errata/RHSA-2024:0095
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0096
ssvc Track https://access.redhat.com/errata/RHSA-2024:0096
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2022-2232
ssvc Track https://access.redhat.com/security/cve/CVE-2022-2232
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00237 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss 0.00497 https://api.first.org/data/v1/epss?cve=CVE-2022-2232
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2096994
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2096994
cvssv3.1_qr LOW https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
generic_textual LOW https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
cvssv3.1_qr LOW https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2232
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2232
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0094
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0094
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0095
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0095
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0096
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0096
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2022-2232
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/security/cve/CVE-2022-2232
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2096994
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2096994
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2232
Exploit Prediction Scoring System (EPSS)
Percentile 0.26851
EPSS Score 0.00060
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:37:05.033946+00:00 GHSA Importer Import https://github.com/advisories/GHSA-8hc5-rmgf-qx6p 34.0.0rc1