CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-7474

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile26.61th
Published2017年5月12日
Last Modified2026年5月13日

Vulnerability Description

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Affected Platforms (CPE)

📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.1
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.2
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.3
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.4
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.5
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.6
📦
Keycloak

Keycloak Nodejs Auth Utils

= 2.5.7
📦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0
📦
Keycloak

Keycloak Nodejs Auth Utils

= 3.0.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2017-1203.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1445271
🔗 http://rhn.redhat.com/errata/RHSA-2017-1203.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1445271

相關漏洞威脅

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...

CVE-2017-362310.0

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions tha...