Vendor scorecard
Gluu
Gluu security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: gluu
Product families
1
Open in latest
0
Inferred — see methodology
Last disclosure
Sep 6, 2022
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Gluu Server (OSS IdP)Identity & Access Managementgluu_server, oxauth | 2 | 0 | 4.4.1LOW |
02
Recent CVEs
2 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2022-36663(opens NVD record) | Critical | 9.8 | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | Sep 6, 2022 |
| CVE-2020-9012(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | Feb 16, 2020 |
2 CVEs · 1 product families