REDHAT-BUG-1860138
First published: Thu Jul 23 2020(Updated: )
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Single Sign-On | >=7.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1860138?
The severity of REDHAT-BUG-1860138 is critical due to the potential for unauthorized SMTP connections.
How do I fix REDHAT-BUG-1860138?
To fix REDHAT-BUG-1860138, update to the latest version of Red Hat Single Sign On that addresses this vulnerability.
Who is affected by REDHAT-BUG-1860138?
Users of Red Hat Single Sign On version 7.x are affected by REDHAT-BUG-1860138.
What are the consequences of REDHAT-BUG-1860138?
The consequences of REDHAT-BUG-1860138 include the risk of exposing the system to unauthorized external communications.
Can authorized users exploit REDHAT-BUG-1860138?
Yes, authorized users can exploit REDHAT-BUG-1860138 to initiate SMTP connections to arbitrary hosts.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14341
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat single sign-on