Red Hat Migration Toolkit Applications
By the Year
In 2024 there have been 1 vulnerability in Red Hat Migration Toolkit Applications with an average score of 7.1 out of ten. Last year Migration Toolkit Applications had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.40
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.10 |
| 2023 | 2 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Migration Toolkit Applications vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Migration Toolkit Applications Security Vulnerabilities
A flaw was found in the redirect_uri validation logic in Keycloak
CVE-2023-6291
7.1 - High
- January 26, 2024
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Open Redirect
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
The undertow client is not checking the server identity presented by the server certificate in https connections
CVE-2022-4492
7.5 - High
- February 23, 2023
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Migration Toolkit For Runtimes or by Red Hat? Click the Watch button to subscribe.
