Home > Vulnerability Database > CVE-2021-20222

Mend.io Vulnerability Database

CVE-2021-20222

Good to know:

Date: March 23, 2021

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: Java

Severity Score

5.8

Related Resources (4)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20222

Url: https://github.com/keycloak/keycloak/commit/010d7eb0ce9e3b5ee8131a7a0d7400b21deeae50

Url: https://www.mend.io/vulnerability-database/CVE-2021-20222

Severity Score

5.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 12.0.3

Learn More

CVSS v3

Base Score:	5.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	4.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20222

Good to know:

Date: March 23, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?