CVE-2014-3655

Severity
4.3 MEDIUM
EPSS
0.2%
top 59.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 13
Latest update: May 17

Description

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | jboss/keycloak | Fixed in version 1.1.0-Alpha1
Maven | org.keycloak:keycloak-services | < 1.0.2.Final
NVD | redhat/keycloak | 1.0.1

Vulnerability Details (3)

GHSA | JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 2022-05-17
OSV | JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 2022-05-17
CVEList | CVE-2014-3655: JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 2019-11-13

Community (1)

Bugzilla | CVE-2014-3655 JBoss KeyCloak: Soft Token deletion via CSRF | 2014-09-21