SV: Possible Keycloak vulnerability: CVE-ID: CVE-2021-3637


Article ID: 220479


Products

Service Virtualization

Issue/Introduction

Does DevTest use the affected Keycloak version?

Severity: High
Discussion: Red Hat Keycloak RootAuthenticationSessionEntity authenticationSessions Map Expansion Remote DoS. Red Hat Keycloak contains a flaw in RootAuthenticationSessionEntity that is triggered as authenticationSessions maps can grow endlessly. This may allow a remote attacker to exhaust available system resources.
Product: Red Hat [Keycloak (13.0.1)]
CVSS Score: 7.8
CVE-ID: CVE-2021-3637

Target Remediation Date: 8/19/2021

Cause

N/A

Environment

Release : 10.6

Component : CA Application Test

Resolution

The DevTest GA 10.6 installer uses Keycloak 3.4.1, not the affected 13.0.1 release; hence there is no impact on the 10.6 GA release.