Home > Vulnerability Database > CVE-2021-20222

Mend.io Vulnerability Database

CVE-2021-20222

Good to know:

Date: March 23, 2021

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: Java

Severity Score

7.5

Related Resources (4)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20222

Url: https://github.com/keycloak/keycloak/commit/010d7eb0ce9e3b5ee8131a7a0d7400b21deeae50

Url: https://www.mend.io/vulnerability-database/CVE-2021-20222

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 12.0.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20222

Good to know:

Date: March 23, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?