CVE-2018-14637

Summary

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]keycloak4.6.0.Finalaffected

Weaknesses

  • CWE-287: CWE-287
  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

References