Issued:

2025-07-23

Updated:

2025-07-23

RHSA-2025:11645 - Moderate: Red Hat Single Sign-On 7.6.12 security update

Synopsis

Moderate: Red Hat Single Sign-On 7.6.12 security update

Type/Severity

Security Advisory Moderate

Topic

A new security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.

Description

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.12 serves as a replacement for Red Hat Single Sign-On 7.6.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. This security update has moderate impact.

Security fixes:

• org.wildfly.core/wildfly-core-management-client: Wildfly vulnerable to Cross-Site Scripting (XSS) (CVE-2024-10234)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

Fixes

• This content is not included.BZ - 2320848

CVEs

• CVE-2024-10039
• CVE-2024-10234

References

• https://access.redhat.com/security/updates/classification/#moderate

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.