SB2021121543 - Multiple vulnerabilities in Red Hat Single Sign-On 7.4

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021121543

SB2021121543 - Multiple vulnerabilities in Red Hat Single Sign-On 7.4

Published: December 15, 2021

Security Bulletin ID SB2021121543
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2021-37714)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing untrusted HTML and XML code. A remote attacker can consume all available system resources and cause denial of service conditions.


2) Information disclosure (CVE-ID: CVE-2021-40690)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. A remote attacker can abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.


3) Resource exhaustion (CVE-ID: CVE-2021-3629)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Undertow does not properly control consumption of internal resources when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the web server, trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Information disclosure (CVE-ID: CVE-2021-20289)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. A remote attacker can obtain endpoint class and method names.


5) Observable discrepancy (CVE-ID: CVE-2021-3642)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to possibility of a timing attack against the ScramServer. A remote attacker can gain access to potentially sensitive information. 


6) Files or Directories Accessible to External Parties (CVE-ID: CVE-2021-3717)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an incorrect JBOSS_LOCAL_USER challenge location. A local unprivileged user can access any user account on the affected system.


Remediation

Install update from vendor's website.

References