{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T18:45:38.455","vulnerabilities":[{"cve":{"id":"CVE-2023-3597","sourceIdentifier":"secalert@redhat.com","published":"2024-04-25T13:15:50.523","lastModified":"2024-11-21T08:17:38.007","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication."},{"lang":"es","value":"Se encontró una falla en Keycloak, donde no valida correctamente la autenticación incremental de su cliente en org.keycloak.authentication. Esta falla permite que un usuario remoto autenticado con una contraseña registre un segundo factor de autenticación falso junto con uno existente y omita la autenticación."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2024:1866","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2024:1867","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2024:1868","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/security\/cve\/CVE-2023-3597","source":"secalert@redhat.com"},{"url":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2221760","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2024:1867","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2024:1868","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/access.redhat.com\/security\/cve\/CVE-2023-3597","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2221760","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}