All 7 CVE vulnerabilities found in Red Hat Single Sign-On 7, with AI-generated Chinese analysis, references, and POCs.
Vendor: Red Hat

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12789 | Rhsso: open redirect CWE-601 | 6.1 | Medium | 2025-11-06 |
| CVE-2022-2232 | Keycloak: ldap injection on username input CWE-20 | 7.5 | High | 2024-11-14 |
| CVE-2023-2585 | Keycloak: client access via device auth request spoof CWE-358 | 3.5 | Low | 2023-12-21 |
| CVE-2023-2422 | Keycloak: oauth client impersonation CWE-295 | 5.5 | Medium | 2023-10-04 |
| CVE-2022-4137 | Keycloak: reflected xss attack CWE-81 | 8.1 | High | 2023-09-25 |
| CVE-2022-3916 | Keycloak: session takeover with oidc offline refreshtokens CWE-384 | 6.8 | Medium | 2023-09-20 |
| CVE-2022-1438 | Keycloak: xss on impersonation under specific circumstances CWE-79 | 6.4 | Medium | 2023-09-20 |

All 7 known CVE vulnerabilities affecting Red Hat Single Sign-On 7 with full Chinese analysis, references, and POCs where available.