CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7474

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile26.61th
PublishedMay 12, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Affected Platforms (CPE)

πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.1
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.2
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.3
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.4
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.5
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.6
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.7
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0
πŸ“¦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2017-1203.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1445271
πŸ”— http://rhn.redhat.com/errata/RHSA-2017-1203.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1445271

Related Vulnerabilities

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...