CVE-2018-14637 MEDIUM

Vendor [Unknown]
Product keycloak
Weakness CWE-287 · Improper authentication
Published November 30, 2018
Last update August 5, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
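The check that the description says was skipped, as an added Python example (not Keycloak's code): a consumer that enforces the assertion's `NotBefore`/`NotOnOrAfter` window and remembers assertion IDs until they expire, so a captured assertion cannot be replayed. `AssertionGate`, the 60-second clock-skew allowance, the fail-closed policy on a missing expiry, and the sample assertion are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion with a 5-minute window.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-1">'
    '<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
    '<saml:SubjectConfirmationData NotOnOrAfter="2018-11-30T10:05:00Z"/>'
    '</saml:SubjectConfirmation></saml:Subject>'
    '<saml:Conditions NotBefore="2018-11-30T10:00:00Z" NotOnOrAfter="2018-11-30T10:05:00Z"/>'
    '</saml:Assertion>'
)

def _instant(value):
    # SAML instants are UTC xs:dateTime values ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

class AssertionGate:
    """Hypothetical helper: time-window check plus one-time-use ID cache."""

    def __init__(self, skew=timedelta(seconds=60)):
        self.skew = skew
        self.seen = {}  # assertion ID -> expiry; entries can be purged after expiry

    def accept(self, xml_text, now):
        # Signature validation must already have succeeded; for untrusted
        # input, parse with a hardened parser such as defusedxml.
        root = ET.fromstring(xml_text)
        cond = root.find("saml:Conditions", NS)
        if cond is None or cond.get("NotOnOrAfter") is None:
            return False, "missing expiry"  # fail closed (this example's policy)
        expiry = _instant(cond.get("NotOnOrAfter"))
        for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
            if scd.get("NotOnOrAfter"):
                expiry = min(expiry, _instant(scd.get("NotOnOrAfter")))
        not_before = cond.get("NotBefore")
        if not_before and now + self.skew < _instant(not_before):
            return False, "not yet valid"
        if now - self.skew >= expiry:
            return False, "expired"
        if root.get("ID") in self.seen:
            return False, "replayed"
        self.seen[root.get("ID")] = expiry
        return True, "accepted"
```

The time window only bounds how long a captured assertion stays usable; the ID cache is what rejects a second presentation inside that window.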

Key dates

02 Disclosure timeline

November 30, 2018 CVE published
August 5, 2024 Record updated