CVE-2023-3597

MEDIUM Year: 2023
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.

Related Vulnerabilities

CVE-2020-4205

MEDIUM
CVSS:5.0(Medium)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have bee...

CWE-2872020

CVE-2023-0264

MEDIUM
CVSS:5.0(Medium)

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the sam...

CWE-2872023

CVE-2023-21307

MEDIUM
CVSS:5.0(Medium)

In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure ...

CWE-2872023

CVE-2023-2638

MEDIUM
CVSS:5.0(Medium)

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of ...

CWE-2872023

CVE-2018-1987

MEDIUM
CVSS:5.1(Medium)

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID:...

CWE-2872018

CVE-2018-4856

MEDIUM
CVSS:4.9(Medium)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitim...

CWE-2872018