CVE-2021-3637 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3637 PUBLISHED CVSS 7.5 HIGH

Reported by redhat · Published July 9, 2021

A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
n/a	keycloak-model-infinispan	keycloak 14.0.0
n/a	keycloak-model-infinispan	keycloak 14.0.0, keycloak 14.0.0, keycloak 14.0.0
Maven	org.keycloak:keycloak-model-infinispan	0, 0, 0
Maven	org.keycloak:keycloak-parent	0, 0, 0

Timeline

Jul 9, 2021 CVE Published
Jul 10, 2021 EPSS Score
Sep 7, 2021 EPSS Score
Nov 5, 2021 EPSS Score
Jan 4, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 2, 2022 EPSS Score
Jun 30, 2022 EPSS Score
Aug 29, 2022 EPSS Score
Oct 28, 2022 EPSS Score

References

x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-3637 advisory

Open in Interactive Console →