Vulnerability details: VCID-yej1-gv6v-aaaa
Vulnerability ID VCID-yej1-gv6v-aaaa
Aliases CVE-2024-1249
GHSA-m6q9-p373-g5q8
Summary A flaw was found in Keycloak's OIDC component, in "checkLoginIframe", which accepts cross-origin messages without validating them. Because the origin of incoming messages is not properly validated, attackers can coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1860
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1860
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1860
ssvc Track https://access.redhat.com/errata/RHSA-2024:1860
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1861
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1861
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1861
ssvc Track https://access.redhat.com/errata/RHSA-2024:1861
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1862
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1862
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1862
ssvc Track https://access.redhat.com/errata/RHSA-2024:1862
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1864
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1864
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1864
ssvc Track https://access.redhat.com/errata/RHSA-2024:1864
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1866
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1866
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1866
ssvc Track https://access.redhat.com/errata/RHSA-2024:1866
cvssv3.1 7.1 https://access.redhat.com/errata/RHSA-2024:1867
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1867
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1867
ssvc Track https://access.redhat.com/errata/RHSA-2024:1867
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:1868
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:1868
ssvc Track https://access.redhat.com/errata/RHSA-2024:1868
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:2945
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:2945
ssvc Track https://access.redhat.com/errata/RHSA-2024:2945
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2024:4057
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4057
ssvc Track https://access.redhat.com/errata/RHSA-2024:4057
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2025:9582
ssvc Track https://access.redhat.com/errata/RHSA-2025:9582
cvssv3.1 7.4 https://access.redhat.com/errata/RHSA-2025:9583
ssvc Track https://access.redhat.com/errata/RHSA-2025:9583
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json
cvssv3.1 7.4 https://access.redhat.com/security/cve/CVE-2024-1249
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-1249
ssvc Track https://access.redhat.com/security/cve/CVE-2024-1249
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00336 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
epss 0.00373 https://api.first.org/data/v1/epss?cve=CVE-2024-1249
cvssv3.1 7.4 https://bugzilla.redhat.com/show_bug.cgi?id=2262918
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2262918
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2262918
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-m6q9-p373-g5q8
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 7.4 https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
generic_textual HIGH https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
cvssv3.1 7.4 https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
generic_textual HIGH https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
cvssv3.1_qr HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json
https://access.redhat.com/security/cve/CVE-2024-1249
https://api.first.org/data/v1/epss?cve=CVE-2024-1249
https://bugzilla.redhat.com/show_bug.cgi?id=2262918
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
cpe:/a:redhat:amq_broker:7.12 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12
cpe:/a:redhat:amq_streams:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:22::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jbosseapxp https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:jboss_enterprise_application_platform:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
cpe:/a:redhat:jboss_enterprise_application_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_enterprise_brms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:migration_toolkit_applications:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
cpe:/a:redhat:migration_toolkit_applications:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
cpe:/a:redhat:openshift_serverless:1.33::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhdh:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
cpe:/a:redhat:service_registry:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
CVE-2024-1249 https://nvd.nist.gov/vuln/detail/CVE-2024-1249
GHSA-m6q9-p373-g5q8 https://github.com/advisories/GHSA-m6q9-p373-g5q8
GHSA-m6q9-p373-g5q8 https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
RHSA-2025:9582 https://access.redhat.com/errata/RHSA-2025:9582
RHSA-2025:9583 https://access.redhat.com/errata/RHSA-2025:9583
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1860
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1860
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1860
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1861
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1861
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1861
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1862
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1862
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1862
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1864
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1864
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1864
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1866
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1866
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1866
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:1867
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1867
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1867
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1868
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:1868
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2945
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:2945
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4057
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:4057
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:9582
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2025:9582
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:9583
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/errata/RHSA-2025:9583
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-1249
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://access.redhat.com/security/cve/CVE-2024-1249
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2262918
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2262918
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Found at https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:01.011166+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-1249 34.0.0rc4