Cloud IAM updates
Cloud IAM updates
www.cloud-iam.com

Keycloak v15.1.1 Critical Update

 

Fix

  

A critical flaw (CVE-2021-4133) was found today in Keycloak version from 12.0.0 to 15.1.0 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Every Cloud-IAM's Keycloak deployments were seamlessly upgraded to v15.1.1.