CVE-2021-3754
CVE-2021-3754
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
26 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
Affected products
n/a · keycloakWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →