Vulnerability Name: CVE-2021-3754 (CCN-235009)
Assigned: 2021-08-31
Published: 2022-08-12
Updated: 2022-09-01
Summary: A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. This may cause trouble in getting the password recovery email in case the user forgets the password.
CVSS v3 Severity:
  5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
  3.3 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
CVSS v2 Severity:
  2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2021-3754
  Source: MISC Type: Vendor Advisory https://access.redhat.com/security/cve/CVE-2021-3754
  Source: CCN Type: Red Hat Bugzilla - Bug 1999196 (CVE-2021-3754) - CVE-2021-3754 keycloak: allows using email as username
  Source: MISC Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1999196
  Source: XF Type: UNKNOWN keycloak-cve20213754-dos(235009)
  Source: CCN Type: Keycloak GIT Repository Keycloak
  Source: CCN Type: IBM Security Bulletin 6848879 (i Modernization Engine for Lifecycle Integration) IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable