redhat decision-manager CVE-2020-1714 in Red Hat and Quarkus Products
Published on May 13, 2020

product logo product logo
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2020-1714

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1714 are published in these products:

Red Hat Decision Manager
 
Red Hat Jboss Fuse
 
Red Hat Keycloak
 
Red Hat Openshift Application Runtimes
 
Red Hat Process Automation
 
Red Hat Single Sign On
 
Quarkus
 

Affected Versions

Red Hat keycloak Version before 11.0.0 is affected by CVE-2020-1714

Exploit Probability

EPSS
2.15%
Percentile
83.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.