CVE-2022-1466

EPSS 1.0%CWE-863

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Apr 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

Affected products

n/a · rhsso

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=2050228 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076