Home > Vulnerability Database > CVE-2021-20222

Mend.io Vulnerability Database

CVE-2021-20222

Good to know:

Date: March 23, 2021

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: Java

Severity Score

7.5

Related Resources (5)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Url: https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20222

Url: https://access.redhat.com/security/cve/cve-2021-20222

Url: https://www.mend.io/vulnerability-database/CVE-2021-20222

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 12.0.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20222

Good to know:

Date: March 23, 2021

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?