Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1714

Опубликовано: 13 мая 2020
Источник: nvd
CVSS3: 7.5
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Версия до 11.0.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Версия до 1.4.2 (включая)

EPSS

Процентиль: 84%
0.02152
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

redhat логотип

CVE-2020-1714

CVSS3: 7.5
redhat
больше 5 лет назад

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

debian логотип

CVE-2020-1714

CVSS3: 8.8
debian
больше 5 лет назад

A flaw was found in Keycloak before version 11.0.0, where the code bas ...

github логотип

GHSA-m6mm-q862-j366

CVSS3: 8.8
github
почти 4 года назад

Improper Input Validation in Keycloak

EPSS

Процентиль: 84%
0.02152
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20
CWE-20