CVE-2018-14637
published 2018-11-30CVE-2018-14637: The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this…
high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 4.6.0 | 4.6.0 |