{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T22:17:53.896","vulnerabilities":[{"cve":{"id":"CVE-2020-1758","sourceIdentifier":"secalert@redhat.com","published":"2020-05-15T19:15:12.430","lastModified":"2024-11-21T05:11:19.473","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack."},{"lang":"es","value":"Se encontró un fallo en Keycloak en versiones anteriores a 10.0.0, donde no se lleva a cabo una verificación del nombre de host TLS mientras se envía correos electrónicos utilizando el servidor SMTP. Este fallo permite a un atacante llevar a cabo un ataque de tipo man-in-the-middle (MITM)."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.0","matchCriteriaId":"42BBD73E-2B89-48B7-95F0-187128579D86"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","matchCriteriaId":"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://issues.redhat.com/browse/KEYCLOAK-13285","source":"secalert@redhat.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://issues.redhat.com/browse/KEYCLOAK-13285","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]}]}}]}