CVE-2019-14837 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
redhat	CNA	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
redhat	keycloak	𝑥 < 8.0.0
redhat	single_sign-on	7.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-547 - Use of Hard-coded, Security-relevant Constants
The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.
CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837

https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f

https://issues.jboss.org/browse/KEYCLOAK-10780

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837

https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f

https://issues.jboss.org/browse/KEYCLOAK-10780