How severe is CVE-2019-14909?

CVE-2019-14909 has a CVSS v3 score of 8.3 (HIGH).

CVE-2019-14909

Name: keycloak
Author: redhat

8.3HIGH

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Publicado: 12/4/2019Actualizado: 11/21/2024

Descripción

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Análisis IAImpulsado por IA

Productos Afectados

redhatkeycloak

7.0.0

redhatkeycloak

7.0.1

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
Issue TrackingThird Party Advisory