CVE-2019-14837
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'.
We have discovered 2 live websites that are affected by CVE-2019-14837.
Affected Software
| Product |  JBCS |
| Category | Load Balancer |
| Vulnerable Domains | 2 live websites (100% of JBCS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-547 Use of Hard-coded, Security-relevant ConstantsDetails
- Published - Jan 8, 2020
- Updated - Aug 5, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2019-14837 Trinidad and Tobago | 1 websites |
 Taiwan | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2019-14837| .com | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2019-14837
Top websites that are affected by CVE-2019-14837. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.****.***.tw | Taiwan | *,***,*** | |
| ********************.**********************.com | Trinidad and Tobago | **,***,*** |
FAQ
CVE-2019-14837 is Use of Hard-coded, Security-relevant Constants in JBCS
A total of 2 websites have been identified as vulnerable to CVE-2019-14837, based on global website indexing conducted by WebTechSurvey.
The JBCS is affected by the CVE-2019-14837 vulnerability.
JBCS versions up to and including 8 are vulnerable to CVE-2019-14837.