[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-12160":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":1155,"aliases":1156,"duplicate_of":9,"upstream":1158,"downstream":1159,"duplicates":1164,"related":1165,"reserved_at":9,"published_at":1166,"modified_at":1167,"state":1168,"summary":1169,"references_raw":1178,"kevs":1213,"epss":1214,"epss_history":1217,"metrics":1482,"affected":1495},"CVE-2017-12160","It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",null,[11,641],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-285","Improper Authorization","The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.","weakness","Draft","Class","High",[20,68,72,131,276,318,322,326,330,334,338,342,509,599,629,633,637],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"id":69,"name":70,"techniques":71},"CAPEC-104","Cross Zone Scripting",[],{"id":73,"name":74,"techniques":75},"CAPEC-127","Directory Indexing",[76],{"id":77,"name":78,"tactics":79,"countermeasures":83},"T1083","File and Directory Discovery",[80],{"id":81,"name":82},"TA0102","Discovery",[84,88,92,97,102,106,110,115,119,123,127],{"id":85,"name":86,"tactic":87},"D3-FA","File Analysis",{"name":57},{"id":89,"name":90,"tactic":91},"D3-FIM","File Integrity Monitoring",{"name":57},{"id":93,"name":94,"tactic":95},"D3-FEV","File Eviction",{"name":96},"Evict",{"id":98,"name":99,"tactic":100},"D3-DF","Decoy File",{"name":101},"Deceive",{"id":103,"name":104,"tactic":105},"D3-FE","File Encryption",{"name":62},{"id":107,"name":108,"tactic":109},"D3-RF","Restore File",{"name":67},{"id":111,"name":112,"tactic":113},"D3-LFP","Local File Permissions",{"name":114},"Isolate",{"id":116,"name":117,"tactic":118},"D3-CF","Content Filtering",{"name":114},{"id":120,"name":121,"tactic":122},"D3-RFAM","Remote File Access Mediation",{"name":114},{"id":124,"name":125,"tactic":126},"D3-CQ","Content Quarantine",{"name":114},{"id":128,"name":129,"tactic":130},"D3-CM","Content Modification",{"name":114},{"id":132,"name":133,"techniques":134},"CAPEC-13","Subverting Environment Variable Values",[135,200,236],{"id":136,"name":137,"tactics":138,"countermeasures":141},"T1562.003","Impair Command History Logging",[139,140],{"id":35,"name":36},{"id":38,"name":39},[142,146,148,150,154,158,160,164,166,170,174,176,180,182,184,186,188,190,192,196],{"id":143,"name":144,"tactic":145},"D3-CI","Configuration Inventory",{"name":48},{"id":85,"name":86,"tactic":147},{"name":57},{"id":89,"name":90,"tactic":149},{"name":57},{"id":151,"name":152,"tactic":153},"D3-DA","Dynamic Analysis",{"name":57},{"id":155,"name":156,"tactic":157},"D3-EFA","Emulated File Analysis",{"name":57},{"id":93,"name":94,"tactic":159},{"name":96},{"id":161,"name":162,"tactic":163},"D3-RKD","Registry Key Deletion",{"name":96},{"id":98,"name":99,"tactic":165},{"name":101},{"id":167,"name":168,"tactic":169},"D3-DRA","Disable Remote Access",{"name":62},{"id":171,"name":172,"tactic":173},"D3-ACH","Application Configuration Hardening",{"name":62},{"id":103,"name":104,"tactic":175},{"name":62},{"id":177,"name":178,"tactic":179},"D3-RC","Restore Configuration",{"name":67},{"id":107,"name":108,"tactic":181},{"name":67},{"id":124,"name":125,"tactic":183},{"name":114},{"id":116,"name":117,"tactic":185},{"name":114},{"id":111,"name":112,"tactic":187},{"name":114},{"id":120,"name":121,"tactic":189},{"name":114},{"id":128,"name":129,"tactic":191},{"name":114},{"id":193,"name":194,"tactic":195},"D3-EAL","Executable Allowlisting",{"name":114},{"id":197,"name":198,"tactic":199},"D3-EDL","Executable Denylisting",{"name":114},{"id":201,"name":202,"tactics":203,"countermeasures":209},"T1574.006","Dynamic Linker Hijacking",[204,205,206,207,208],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[210,214,216,218,220,222,224,226,228,230,232,234],{"id":211,"name":212,"tactic":213},"D3-SFA","System File Analysis",{"name":57},{"id":85,"name":86,"tactic":215},{"name":57},{"id":89,"name":90,"tactic":217},{"name":57},{"id":93,"name":94,"tactic":219},{"name":96},{"id":98,"name":99,"tactic":221},{"name":101},{"id":103,"name":104,"tactic":223},{"name":62},{"id":107,"name":108,"tactic":225},{"name":67},{"id":116,"name":117,"tactic":227},{"name":114},{"id":111,"name":112,"tactic":229},{"name":114},{"id":120,"name":121,"tactic":231},{"name":114},{"id":124,"name":125,"tactic":233},{"name":114},{"id":128,"name":129,"tactic":235},{"name":114},{"id":237,"name":238,"tactics":239,"countermeasures":245},"T1574.007","Path Interception by PATH Environment Variable",[240,241,242,243,244],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[246,248,250,252,254,256,258,260,262,264,266,268,270,272,274],{"id":85,"name":86,"tactic":247},{"name":57},{"id":89,"name":90,"tactic":249},{"name":57},{"id":151,"name":152,"tactic":251},{"name":57},{"id":155,"name":156,"tactic":253},{"name":57},{"id":93,"name":94,"tactic":255},{"name":96},{"id":98,"name":99,"tactic":257},{"name":101},{"id":103,"name":104,"tactic":259},{"name":62},{"id":107,"name":108,"tactic":261},{"name":67},{"id":116,"name":117,"tactic":263},{"name":114},{"id":111,"name":112,"tactic":265},{"name":114},{"id":120,"name":121,"tactic":267},{"name":114},{"id":124,"name":125,"tactic":269},{"name":114},{"id":128,"name":129,"tactic":271},{"name":114},{"id":193,"name":194,"tactic":273},{"name":114},{"id":197,"name":198,"tactic":275},{"name":114},{"id":277,"name":278,"techniques":279},"CAPEC-17","Using Malicious Files",[280,300],{"id":281,"name":282,"tactics":283,"countermeasures":289},"T1574.005","Executable Installer File Permissions Weakness",[284,285,286,287,288],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[290,292,294,296,298],{"id":45,"name":46,"tactic":291},{"name":48},{"id":50,"name":51,"tactic":293},{"name":48},{"id":54,"name":55,"tactic":295},{"name":57},{"id":59,"name":60,"tactic":297},{"name":62},{"id":64,"name":65,"tactic":299},{"name":67},{"id":25,"name":26,"tactics":301,"countermeasures":307},[302,303,304,305,306],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[308,310,312,314,316],{"id":45,"name":46,"tactic":309},{"name":48},{"id":50,"name":51,"tactic":311},{"name":48},{"id":54,"name":55,"tactic":313},{"name":57},{"id":59,"name":60,"tactic":315},{"name":62},{"id":64,"name":65,"tactic":317},{"name":67},{"id":319,"name":320,"techniques":321},"CAPEC-39","Manipulating Opaque Client-based Data Tokens",[],{"id":323,"name":324,"techniques":325},"CAPEC-402","Bypassing ATA Password Security",[],{"id":327,"name":328,"techniques":329},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":331,"name":332,"techniques":333},"CAPEC-5","Blue Boxing",[],{"id":335,"name":336,"techniques":337},"CAPEC-51","Poison Web Service Registry",[],{"id":339,"name":340,"techniques":341},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":343,"name":344,"techniques":345},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[346,398],{"id":347,"name":348,"tactics":349,"countermeasures":353},"T1134.001","Token Impersonation/Theft",[350,351,352],{"id":35,"name":36},{"id":38,"name":39},{"id":32,"name":33},[354,358,362,366,370,374,378,382,386,390,394],{"id":355,"name":356,"tactic":357},"D3-CCSA","Credential Compromise Scope Analysis",{"name":57},{"id":359,"name":360,"tactic":361},"D3-CR","Credential Revocation",{"name":96},{"id":363,"name":364,"tactic":365},"D3-ANCI","Authentication Cache Invalidation",{"name":96},{"id":367,"name":368,"tactic":369},"D3-DUC","Decoy User Credential",{"name":101},{"id":371,"name":372,"tactic":373},"D3-CH","Credential Hardening",{"name":62},{"id":375,"name":376,"tactic":377},"D3-MFA","Multi-factor Authentication",{"name":62},{"id":379,"name":380,"tactic":381},"D3-CRO","Credential Rotation",{"name":62},{"id":383,"name":384,"tactic":385},"D3-TB","Token Binding",{"name":62},{"id":387,"name":388,"tactic":389},"D3-TBA","Token-based Authentication",{"name":62},{"id":391,"name":392,"tactic":393},"D3-RIC","Reissue Credential",{"name":67},{"id":395,"name":396,"tactic":397},"D3-CTS","Credential Transmission Scoping",{"name":114},{"id":399,"name":400,"tactics":401,"countermeasures":406},"T1550.004","Web Session Cookie",[402,403],{"id":35,"name":36},{"id":404,"name":405},"TA0109","Lateral Movement",[407,411,415,419,423,427,431,435,439,443,447,451,453,457,461,465,469,471,473,475,477,479,481,483,487,491,495,499,503,507],{"id":408,"name":409,"tactic":410},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":57},{"id":412,"name":413,"tactic":414},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":57},{"id":416,"name":417,"tactic":418},"D3-CSPP","Client-server Payload Profiling",{"name":57},{"id":420,"name":421,"tactic":422},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":57},{"id":424,"name":425,"tactic":426},"D3-NTSA","Network Traffic Signature Analysis",{"name":57},{"id":428,"name":429,"tactic":430},"D3-APCA","Application Protocol Command Analysis",{"name":57},{"id":432,"name":433,"tactic":434},"D3-NTCD","Network Traffic Community Deviation",{"name":57},{"id":436,"name":437,"tactic":438},"D3-RTSD","Remote Terminal Session Detection",{"name":57},{"id":440,"name":441,"tactic":442},"D3-PLA","Process Lineage Analysis",{"name":57},{"id":444,"name":445,"tactic":446},"D3-PSMD","Process Self-Modification Detection",{"name":57},{"id":448,"name":449,"tactic":450},"D3-PSA","Process Spawn Analysis",{"name":57},{"id":355,"name":356,"tactic":452},{"name":57},{"id":454,"name":455,"tactic":456},"D3-PT","Process Termination",{"name":96},{"id":458,"name":459,"tactic":460},"D3-PS","Process Suspension",{"name":96},{"id":462,"name":463,"tactic":464},"D3-HR","Host Reboot",{"name":96},{"id":466,"name":467,"tactic":468},"D3-HS","Host Shutdown",{"name":96},{"id":359,"name":360,"tactic":470},{"name":96},{"id":363,"name":364,"tactic":472},{"name":96},{"id":367,"name":368,"tactic":474},{"name":101},{"id":371,"name":372,"tactic":476},{"name":62},{"id":375,"name":376,"tactic":478},{"name":62},{"id":379,"name":380,"tactic":480},{"name":62},{"id":391,"name":392,"tactic":482},{"name":67},{"id":484,"name":485,"tactic":486},"D3-NTF","Network Traffic Filtering",{"name":114},{"id":488,"name":489,"tactic":490},"D3-KBPI","Kernel-based Process Isolation",{"name":114},{"id":492,"name":493,"tactic":494},"D3-SCF","System Call Filtering",{"name":114},{"id":496,"name":497,"tactic":498},"D3-HBPI","Hardware-based Process Isolation",{"name":114},{"id":500,"name":501,"tactic":502},"D3-ABPI","Application-based Process Isolation",{"name":114},{"id":504,"name":505,"tactic":506},"D3-WSAM","Web Session Access Mediation",{"name":114},{"id":395,"name":396,"tactic":508},{"name":114},{"id":510,"name":511,"techniques":512},"CAPEC-647","Collect Data from Registries",[513,543,567],{"id":514,"name":515,"tactics":516,"countermeasures":520},"T1005","Data from Local System",[517],{"id":518,"name":519},"TA0100","Collection",[521,523,525,527,529,531,533,535,537,539,541],{"id":85,"name":86,"tactic":522},{"name":57},{"id":89,"name":90,"tactic":524},{"name":57},{"id":93,"name":94,"tactic":526},{"name":96},{"id":98,"name":99,"tactic":528},{"name":101},{"id":103,"name":104,"tactic":530},{"name":62},{"id":107,"name":108,"tactic":532},{"name":67},{"id":116,"name":117,"tactic":534},{"name":114},{"id":111,"name":112,"tactic":536},{"name":114},{"id":120,"name":121,"tactic":538},{"name":114},{"id":124,"name":125,"tactic":540},{"name":114},{"id":128,"name":129,"tactic":542},{"name":114},{"id":544,"name":545,"tactics":546,"countermeasures":548},"T1012","Query Registry",[547],{"id":81,"name":82},[549,553,557,561,565],{"id":550,"name":551,"tactic":552},"D3-DI","Data Inventory",{"name":48},{"id":554,"name":555,"tactic":556},"D3-SCA","System Call Analysis",{"name":57},{"id":558,"name":559,"tactic":560},"D3-SCP","System Configuration Permissions",{"name":62},{"id":562,"name":563,"tactic":564},"D3-RD","Restore Database",{"name":67},{"id":492,"name":493,"tactic":566},{"name":114},{"id":568,"name":569,"tactics":570,"countermeasures":574},"T1552.002","Credentials in Registry",[571],{"id":572,"name":573},"TA0031","Credential Access",[575,577,579,581,583,585,587,589,591,593,595,597],{"id":550,"name":551,"tactic":576},{"name":48},{"id":355,"name":356,"tactic":578},{"name":57},{"id":359,"name":360,"tactic":580},{"name":96},{"id":363,"name":364,"tactic":582},{"name":96},{"id":367,"name":368,"tactic":584},{"name":101},{"id":371,"name":372,"tactic":586},{"name":62},{"id":375,"name":376,"tactic":588},{"name":62},{"id":379,"name":380,"tactic":590},{"name":62},{"id":558,"name":559,"tactic":592},{"name":62},{"id":562,"name":563,"tactic":594},{"name":67},{"id":391,"name":392,"tactic":596},{"name":67},{"id":395,"name":396,"tactic":598},{"name":114},{"id":600,"name":601,"techniques":602},"CAPEC-668","Key Negotiation of Bluetooth Attack (KNOB)",[603],{"id":604,"name":605,"tactics":606,"countermeasures":610},"T1565.002","Transmitted Data Manipulation",[607],{"id":608,"name":609},"TA0105","Impact",[611,613,615,617,619,621,623,625,627],{"id":408,"name":409,"tactic":612},{"name":57},{"id":412,"name":413,"tactic":614},{"name":57},{"id":416,"name":417,"tactic":616},{"name":57},{"id":420,"name":421,"tactic":618},{"name":57},{"id":424,"name":425,"tactic":620},{"name":57},{"id":428,"name":429,"tactic":622},{"name":57},{"id":432,"name":433,"tactic":624},{"name":57},{"id":436,"name":437,"tactic":626},{"name":57},{"id":484,"name":485,"tactic":628},{"name":114},{"id":630,"name":631,"techniques":632},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":634,"name":635,"techniques":636},"CAPEC-77","Manipulating User-Controlled Variables",[],{"id":638,"name":639,"techniques":640},"CAPEC-87","Forceful Browsing",[],{"_key":642,"id":642,"name":643,"description":644,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":645},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",[646,747,826,830,834,838,853,980,1040,1122],{"id":647,"name":648,"techniques":649},"CAPEC-114","Authentication Abuse",[650],{"id":651,"name":652,"tactics":653,"countermeasures":656},"T1548","Abuse Elevation Control Mechanism",[654,655],{"id":35,"name":36},{"id":32,"name":33},[657,659,663,665,669,673,675,677,679,681,685,687,689,691,693,697,699,701,705,709,711,713,715,719,723,725,727,729,731,733,735,737,741,743,745],{"id":143,"name":144,"tactic":658},{"name":48},{"id":660,"name":661,"tactic":662},"D3-AM","Access Modeling",{"name":48},{"id":550,"name":551,"tactic":664},{"name":48},{"id":666,"name":667,"tactic":668},"D3-NTPM","Network Traffic Policy Mapping",{"name":48},{"id":670,"name":671,"tactic":672},"D3-AEM","Application Exception Monitoring",{"name":57},{"id":554,"name":555,"tactic":674},{"name":57},{"id":211,"name":212,"tactic":676},{"name":57},{"id":85,"name":86,"tactic":678},{"name":57},{"id":89,"name":90,"tactic":680},{"name":57},{"id":682,"name":683,"tactic":684},"D3-OPM","Operational Process Monitoring",{"name":57},{"id":151,"name":152,"tactic":686},{"name":57},{"id":155,"name":156,"tactic":688},{"name":57},{"id":448,"name":449,"tactic":690},{"name":57},{"id":93,"name":94,"tactic":692},{"name":96},{"id":694,"name":695,"tactic":696},"D3-AL","Account Locking",{"name":96},{"id":98,"name":99,"tactic":698},{"name":101},{"id":103,"name":104,"tactic":700},{"name":62},{"id":702,"name":703,"tactic":704},"D3-AA","Agent Authentication",{"name":62},{"id":706,"name":707,"tactic":708},"D3-CDP","Change Default Password",{"name":62},{"id":558,"name":559,"tactic":710},{"name":62},{"id":177,"name":178,"tactic":712},{"name":67},{"id":107,"name":108,"tactic":714},{"name":67},{"id":716,"name":717,"tactic":718},"D3-ULA","Unlock Account",{"name":67},{"id":720,"name":721,"tactic":722},"D3-RUAA","Restore User Account Access",{"name":67},{"id":562,"name":563,"tactic":724},{"name":67},{"id":492,"name":493,"tactic":726},{"name":114},{"id":116,"name":117,"tactic":728},{"name":114},{"id":111,"name":112,"tactic":730},{"name":114},{"id":120,"name":121,"tactic":732},{"name":114},{"id":124,"name":125,"tactic":734},{"name":114},{"id":128,"name":129,"tactic":736},{"name":114},{"id":738,"name":739,"tactic":740},"D3-UAP","User Account Permissions",{"name":114},{"id":193,"name":194,"tactic":742},{"name":114},{"id":197,"name":198,"tactic":744},{"name":114},{"id":496,"name":497,"tactic":746},{"name":114},{"id":748,"name":749,"techniques":750},"CAPEC-115","Authentication Bypass",[751],{"id":651,"name":652,"tactics":752,"countermeasures":755},[753,754],{"id":35,"name":36},{"id":32,"name":33},[756,758,760,762,764,766,768,770,772,774,776,778,780,782,784,786,788,790,792,794,796,798,800,802,804,806,808,810,812,814,816,818,820,822,824],{"id":143,"name":144,"tactic":757},{"name":48},{"id":660,"name":661,"tactic":759},{"name":48},{"id":550,"name":551,"tactic":761},{"name":48},{"id":666,"name":667,"tactic":763},{"name":48},{"id":670,"name":671,"tactic":765},{"name":57},{"id":554,"name":555,"tactic":767},{"name":57},{"id":211,"name":212,"tactic":769},{"name":57},{"id":85,"name":86,"tactic":771},{"name":57},{"id":89,"name":90,"tactic":773},{"name":57},{"id":682,"name":683,"tactic":775},{"name":57},{"id":151,"name":152,"tactic":777},{"name":57},{"id":155,"name":156,"tactic":779},{"name":57},{"id":448,"name":449,"tactic":781},{"name":57},{"id":93,"name":94,"tactic":783},{"name":96},{"id":694,"name":695,"tactic":785},{"name":96},{"id":98,"name":99,"tactic":787},{"name":101},{"id":103,"name":104,"tactic":789},{"name":62},{"id":702,"name":703,"tactic":791},{"name":62},{"id":706,"name":707,"tactic":793},{"name":62},{"id":558,"name":559,"tactic":795},{"name":62},{"id":177,"name":178,"tactic":797},{"name":67},{"id":107,"name":108,"tactic":799},{"name":67},{"id":716,"name":717,"tactic":801},{"name":67},{"id":720,"name":721,"tactic":803},{"name":67},{"id":562,"name":563,"tactic":805},{"name":67},{"id":492,"name":493,"tactic":807},{"name":114},{"id":116,"name":117,"tactic":809},{"name":114},{"id":111,"name":112,"tactic":811},{"name":114},{"id":120,"name":121,"tactic":813},{"name":114},{"id":124,"name":125,"tactic":815},{"name":114},{"id":128,"name":129,"tactic":817},{"name":114},{"id":738,"name":739,"tactic":819},{"name":114},{"id":193,"name":194,"tactic":821},{"name":114},{"id":197,"name":198,"tactic":823},{"name":114},{"id":496,"name":497,"tactic":825},{"name":114},{"id":827,"name":828,"techniques":829},"CAPEC-151","Identity Spoofing",[],{"id":831,"name":832,"techniques":833},"CAPEC-194","Fake the Source of Data",[],{"id":835,"name":836,"techniques":837},"CAPEC-22","Exploiting Trust in Client",[],{"id":839,"name":840,"techniques":841},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[842],{"id":843,"name":844,"tactics":845,"countermeasures":848},"T1040","Network Sniffing",[846,847],{"id":572,"name":573},{"id":81,"name":82},[849],{"id":850,"name":851,"tactic":852},"D3-DNSTA","DNS Traffic Analysis",{"name":57},{"id":854,"name":855,"techniques":856},"CAPEC-593","Session Hijacking",[857,881,952],{"id":858,"name":859,"tactics":860,"countermeasures":862},"T1185","Browser Session Hijacking",[861],{"id":518,"name":519},[863,865,867,869,871,873,875,877,879],{"id":408,"name":409,"tactic":864},{"name":57},{"id":412,"name":413,"tactic":866},{"name":57},{"id":416,"name":417,"tactic":868},{"name":57},{"id":420,"name":421,"tactic":870},{"name":57},{"id":424,"name":425,"tactic":872},{"name":57},{"id":428,"name":429,"tactic":874},{"name":57},{"id":432,"name":433,"tactic":876},{"name":57},{"id":436,"name":437,"tactic":878},{"name":57},{"id":484,"name":485,"tactic":880},{"name":114},{"id":882,"name":883,"tactics":884,"countermeasures":887},"T1550.001","Application Access Token",[885,886],{"id":35,"name":36},{"id":404,"name":405},[888,890,892,894,896,898,900,902,904,906,908,910,912,914,916,918,920,922,924,926,928,930,932,934,936,938,940,942,944,946,948,950],{"id":440,"name":441,"tactic":889},{"name":57},{"id":444,"name":445,"tactic":891},{"name":57},{"id":448,"name":449,"tactic":893},{"name":57},{"id":355,"name":356,"tactic":895},{"name":57},{"id":408,"name":409,"tactic":897},{"name":57},{"id":412,"name":413,"tactic":899},{"name":57},{"id":416,"name":417,"tactic":901},{"name":57},{"id":420,"name":421,"tactic":903},{"name":57},{"id":424,"name":425,"tactic":905},{"name":57},{"id":428,"name":429,"tactic":907},{"name":57},{"id":432,"name":433,"tactic":909},{"name":57},{"id":436,"name":437,"tactic":911},{"name":57},{"id":454,"name":455,"tactic":913},{"name":96},{"id":458,"name":459,"tactic":915},{"name":96},{"id":462,"name":463,"tactic":917},{"name":96},{"id":466,"name":467,"tactic":919},{"name":96},{"id":359,"name":360,"tactic":921},{"name":96},{"id":363,"name":364,"tactic":923},{"name":96},{"id":367,"name":368,"tactic":925},{"name":101},{"id":371,"name":372,"tactic":927},{"name":62},{"id":375,"name":376,"tactic":929},{"name":62},{"id":379,"name":380,"tactic":931},{"name":62},{"id":383,"name":384,"tactic":933},{"name":62},{"id":387,"name":388,"tactic":935},{"name":62},{"id":391,"name":392,"tactic":937},{"name":67},{"id":488,"name":489,"tactic":939},{"name":114},{"id":492,"name":493,"tactic":941},{"name":114},{"id":496,"name":497,"tactic":943},{"name":114},{"id":500,"name":501,"tactic":945},{"name":114},{"id":504,"name":505,"tactic":947},{"name":114},{"id":395,"name":396,"tactic":949},{"name":114},{"id":484,"name":485,"tactic":951},{"name":114},{"id":953,"name":954,"tactics":955,"countermeasures":957},"T1563","Remote Service Session Hijacking",[956],{"id":404,"name":405},[958,960,962,964,966,968,970,972,974,978],{"id":408,"name":409,"tactic":959},{"name":57},{"id":412,"name":413,"tactic":961},{"name":57},{"id":416,"name":417,"tactic":963},{"name":57},{"id":420,"name":421,"tactic":965},{"name":57},{"id":424,"name":425,"tactic":967},{"name":57},{"id":428,"name":429,"tactic":969},{"name":57},{"id":432,"name":433,"tactic":971},{"name":57},{"id":436,"name":437,"tactic":973},{"name":57},{"id":975,"name":976,"tactic":977},"D3-ST","Session Termination",{"name":96},{"id":484,"name":485,"tactic":979},{"name":114},{"id":981,"name":982,"techniques":983},"CAPEC-633","Token Impersonation",[984],{"id":985,"name":986,"tactics":987,"countermeasures":991},"T1134","Access Token Manipulation",[988,989,990],{"id":35,"name":36},{"id":38,"name":39},{"id":32,"name":33},[992,994,996,998,1000,1002,1004,1006,1008,1010,1012,1014,1016,1018,1020,1022,1024,1026,1028,1030,1032,1034,1036,1038],{"id":143,"name":144,"tactic":993},{"name":48},{"id":666,"name":667,"tactic":995},{"name":48},{"id":660,"name":661,"tactic":997},{"name":48},{"id":670,"name":671,"tactic":999},{"name":57},{"id":554,"name":555,"tactic":1001},{"name":57},{"id":355,"name":356,"tactic":1003},{"name":57},{"id":682,"name":683,"tactic":1005},{"name":57},{"id":448,"name":449,"tactic":1007},{"name":57},{"id":975,"name":976,"tactic":1009},{"name":96},{"id":359,"name":360,"tactic":1011},{"name":96},{"id":363,"name":364,"tactic":1013},{"name":96},{"id":367,"name":368,"tactic":1015},{"name":101},{"id":371,"name":372,"tactic":1017},{"name":62},{"id":375,"name":376,"tactic":1019},{"name":62},{"id":379,"name":380,"tactic":1021},{"name":62},{"id":383,"name":384,"tactic":1023},{"name":62},{"id":387,"name":388,"tactic":1025},{"name":62},{"id":177,"name":178,"tactic":1027},{"name":67},{"id":391,"name":392,"tactic":1029},{"name":67},{"id":492,"name":493,"tactic":1031},{"name":114},{"id":395,"name":396,"tactic":1033},{"name":114},{"id":193,"name":194,"tactic":1035},{"name":114},{"id":197,"name":198,"tactic":1037},{"name":114},{"id":496,"name":497,"tactic":1039},{"name":114},{"id":1041,"name":1042,"techniques":1043},"CAPEC-650","Upload a Web Shell to a Web Server",[1044],{"id":1045,"name":1046,"tactics":1047,"countermeasures":1049},"T1505.003","Web Shell",[1048],{"id":29,"name":30},[1050,1054,1058,1062,1066,1068,1070,1072,1074,1076,1078,1080,1082,1084,1086,1088,1090,1092,1094,1098,1100,1102,1104,1106,1108,1110,1112,1114,1116,1118,1120],{"id":1051,"name":1052,"tactic":1053},"D3-NNI","Network Node Inventory",{"name":48},{"id":1055,"name":1056,"tactic":1057},"D3-PLM","Physical Link Mapping",{"name":48},{"id":1059,"name":1060,"tactic":1061},"D3-LLM","Logical Link Mapping",{"name":48},{"id":1063,"name":1064,"tactic":1065},"D3-EHB","Endpoint Health Beacon",{"name":57},{"id":85,"name":86,"tactic":1067},{"name":57},{"id":89,"name":90,"tactic":1069},{"name":57},{"id":151,"name":152,"tactic":1071},{"name":57},{"id":155,"name":156,"tactic":1073},{"name":57},{"id":440,"name":441,"tactic":1075},{"name":57},{"id":444,"name":445,"tactic":1077},{"name":57},{"id":448,"name":449,"tactic":1079},{"name":57},{"id":93,"name":94,"tactic":1081},{"name":96},{"id":454,"name":455,"tactic":1083},{"name":96},{"id":458,"name":459,"tactic":1085},{"name":96},{"id":462,"name":463,"tactic":1087},{"name":96},{"id":466,"name":467,"tactic":1089},{"name":96},{"id":98,"name":99,"tactic":1091},{"name":101},{"id":103,"name":104,"tactic":1093},{"name":62},{"id":1095,"name":1096,"tactic":1097},"D3-RNA","Restore Network Access",{"name":67},{"id":107,"name":108,"tactic":1099},{"name":67},{"id":116,"name":117,"tactic":1101},{"name":114},{"id":111,"name":112,"tactic":1103},{"name":114},{"id":120,"name":121,"tactic":1105},{"name":114},{"id":124,"name":125,"tactic":1107},{"name":114},{"id":128,"name":129,"tactic":1109},{"name":114},{"id":193,"name":194,"tactic":1111},{"name":114},{"id":197,"name":198,"tactic":1113},{"name":114},{"id":488,"name":489,"tactic":1115},{"name":114},{"id":492,"name":493,"tactic":1117},{"name":114},{"id":496,"name":497,"tactic":1119},{"name":114},{"id":500,"name":501,"tactic":1121},{"name":114},{"id":1123,"name":1124,"techniques":1125},"CAPEC-94","Adversary in the Middle (AiTM)",[1126],{"id":1127,"name":1128,"tactics":1129,"countermeasures":1132},"T1557","Adversary-in-the-Middle",[1130,1131],{"id":572,"name":573},{"id":518,"name":519},[1133,1135,1137,1139,1141,1143,1145,1147,1149,1153],{"id":408,"name":409,"tactic":1134},{"name":57},{"id":412,"name":413,"tactic":1136},{"name":57},{"id":416,"name":417,"tactic":1138},{"name":57},{"id":420,"name":421,"tactic":1140},{"name":57},{"id":424,"name":425,"tactic":1142},{"name":57},{"id":428,"name":429,"tactic":1144},{"name":57},{"id":432,"name":433,"tactic":1146},{"name":57},{"id":436,"name":437,"tactic":1148},{"name":57},{"id":1150,"name":1151,"tactic":1152},"D3-CAA","Connection Attempt Analysis",{"name":57},{"id":484,"name":485,"tactic":1154},{"name":114},[],[1157],"GHSA-qc72-gfvw-76h7",[],[1160,1162],{"_key":1161},"RHSA-2017:2904",{"_key":1163},"RHSA-2017:2905",[],[],"2017-10-26T17:00:00.000Z","2024-09-16T18:48:51.709Z","Modified",{"cisa_kev":1170,"cisa_ransomware":1170,"cisa_vendor":9,"epss_severity":1171,"epss_score":1172,"severity":1173,"severity_score":1174,"severity_version":1175,"severity_source":1176,"severity_vector":1177,"severity_status":1168},false,"low",0.00571,"high",7.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[1179,1190,1194,1198,1203,1208],{"url":1180,"sources":1181,"tags":1184},"https://access.redhat.com/errata/RHSA-2017:2904",[1182,1176,1183],"cve.org","osv_maven",[1185,1186,1187,1188,1189],"Vendor Advisory","X Refsource REDHAT","Issue Tracking","Third Party Advisory","WEB",{"url":1191,"sources":1192,"tags":1193},"https://access.redhat.com/errata/RHSA-2017:2905",[1182,1176,1183],[1185,1186,1187,1188,1189],{"url":1195,"sources":1196,"tags":1197},"https://access.redhat.com/errata/RHSA-2017:2906",[1182,1176,1183],[1185,1186,1187,1188,1189],{"url":1199,"sources":1200,"tags":1201},"https://bugzilla.redhat.com/show_bug.cgi?id=1484154",[1182,1176,1183],[1202,1187,1188,1189],"X Refsource CONFIRM",{"url":1204,"sources":1205,"tags":1206},"https://nvd.nist.gov/vuln/detail/CVE-2017-12160",[1183],[1207],"Advisory",{"url":1209,"sources":1210,"tags":1211},"https://github.com/keycloak/keycloak",[1183],[1212],"PACKAGE",[],{"date":1215,"score":1172,"percentile":1216},"2026-06-04",0.69,[1218,1221,1224,1227,1230,1233,1236,1239,1241,1244,1247,1250,1253,1256,1259,1262,1265,1268,1271,1274,1277,1280,1282,1285,1288,1290,1293,1296,1299,1302,1305,1308,1311,1314,1317,1320,1323,1326,1329,1332,1335,1338,1341,1344,1347,1350,1353,1356,1359,1362,1364,1367,1370,1373,1376,1379,1381,1384,1387,1390,1393,1396,1399,1402,1405,1408,1411,1414,1417,1420,1423,1426,1429,1432,1435,1438,1441,1444,1447,1450,1453,1456,1459,1462,1465,1468,1471,1473,1476,1479],{"date":1219,"score":1172,"percentile":1220},"2025-11-04",0.67736,{"date":1222,"score":1172,"percentile":1223},"2025-11-05",0.67717,{"date":1225,"score":1172,"percentile":1226},"2025-11-06",0.67719,{"date":1228,"score":1172,"percentile":1229},"2025-11-07",0.67731,{"date":1231,"score":1172,"percentile":1232},"2025-11-08",0.67732,{"date":1234,"score":1172,"percentile":1235},"2025-11-09",0.67723,{"date":1237,"score":1172,"percentile":1238},"2025-11-10",0.67713,{"date":1240,"score":1172,"percentile":1226},"2025-11-11",{"date":1242,"score":1172,"percentile":1243},"2025-11-12",0.6774,{"date":1245,"score":1172,"percentile":1246},"2025-11-13",0.6775,{"date":1248,"score":1172,"percentile":1249},"2025-11-14",0.67758,{"date":1251,"score":1172,"percentile":1252},"2025-11-15",0.67756,{"date":1254,"score":1172,"percentile":1255},"2025-11-16",0.67752,{"date":1257,"score":1172,"percentile":1258},"2025-11-17",0.67746,{"date":1260,"score":1172,"percentile":1261},"2025-11-18",0.66051,{"date":1263,"score":1172,"percentile":1264},"2025-11-19",0.66058,{"date":1266,"score":1172,"percentile":1267},"2025-11-20",0.66054,{"date":1269,"score":1172,"percentile":1270},"2025-11-21",0.67761,{"date":1272,"score":1172,"percentile":1273},"2025-11-22",0.67766,{"date":1275,"score":1172,"percentile":1276},"2025-11-23",0.67755,{"date":1278,"score":1172,"percentile":1279},"2025-11-24",0.67743,{"date":1281,"score":1172,"percentile":1255},"2025-11-25",{"date":1283,"score":1172,"percentile":1284},"2025-11-26",0.6776,{"date":1286,"score":1172,"percentile":1287},"2025-11-27",0.67763,{"date":1289,"score":1172,"percentile":1258},"2025-11-28",{"date":1291,"score":1172,"percentile":1292},"2025-11-29",0.67728,{"date":1294,"score":1172,"percentile":1295},"2025-11-30",0.67725,{"date":1297,"score":1172,"percentile":1298},"2025-12-01",0.67881,{"date":1300,"score":1172,"percentile":1301},"2025-12-02",0.67887,{"date":1303,"score":1172,"percentile":1304},"2025-12-03",0.67884,{"date":1306,"score":1172,"percentile":1307},"2025-12-04",0.67716,{"date":1309,"score":1172,"percentile":1310},"2025-12-05",0.6773,{"date":1312,"score":1172,"percentile":1313},"2025-12-06",0.67734,{"date":1315,"score":1172,"percentile":1316},"2025-12-07",0.67729,{"date":1318,"score":1172,"percentile":1319},"2025-12-08",0.67733,{"date":1321,"score":1172,"percentile":1322},"2025-12-09",0.67765,{"date":1324,"score":1172,"percentile":1325},"2025-12-10",0.67811,{"date":1327,"score":1172,"percentile":1328},"2025-12-11",0.67831,{"date":1330,"score":1172,"percentile":1331},"2025-12-12",0.67857,{"date":1333,"score":1172,"percentile":1334},"2025-12-13",0.67864,{"date":1336,"score":1172,"percentile":1337},"2025-12-14",0.67868,{"date":1339,"score":1172,"percentile":1340},"2025-12-15",0.67866,{"date":1342,"score":1172,"percentile":1343},"2025-12-16",0.67869,{"date":1345,"score":1172,"percentile":1346},"2025-12-17",0.67882,{"date":1348,"score":1172,"percentile":1349},"2025-12-18",0.67917,{"date":1351,"score":1172,"percentile":1352},"2025-12-19",0.67936,{"date":1354,"score":1172,"percentile":1355},"2025-12-20",0.67934,{"date":1357,"score":1172,"percentile":1358},"2025-12-21",0.6792,{"date":1360,"score":1172,"percentile":1361},"2025-12-22",0.67921,{"date":1363,"score":1172,"percentile":1349},"2025-12-23",{"date":1365,"score":1172,"percentile":1366},"2025-12-24",0.67926,{"date":1368,"score":1172,"percentile":1369},"2025-12-25",0.67956,{"date":1371,"score":1172,"percentile":1372},"2025-12-26",0.67957,{"date":1374,"score":1172,"percentile":1375},"2025-12-27",0.68015,{"date":1377,"score":1172,"percentile":1378},"2025-12-28",0.6793,{"date":1380,"score":1172,"percentile":1361},"2025-12-29",{"date":1382,"score":1172,"percentile":1383},"2025-12-30",0.67935,{"date":1385,"score":1172,"percentile":1386},"2025-12-31",0.67952,{"date":1388,"score":1172,"percentile":1389},"2026-01-01",0.6813,{"date":1391,"score":1172,"percentile":1392},"2026-01-02",0.68115,{"date":1394,"score":1172,"percentile":1395},"2026-01-03",0.68116,{"date":1397,"score":1172,"percentile":1398},"2026-01-04",0.67951,{"date":1400,"score":1172,"percentile":1401},"2026-01-05",0.6794,{"date":1403,"score":1172,"percentile":1404},"2026-01-06",0.6795,{"date":1406,"score":1172,"percentile":1407},"2026-01-07",0.67969,{"date":1409,"score":1172,"percentile":1410},"2026-01-08",0.67984,{"date":1412,"score":1172,"percentile":1413},"2026-01-09",0.67994,{"date":1415,"score":1172,"percentile":1416},"2026-01-10",0.67996,{"date":1418,"score":1172,"percentile":1419},"2026-01-11",0.67991,{"date":1421,"score":1172,"percentile":1422},"2026-01-12",0.67979,{"date":1424,"score":1172,"percentile":1425},"2026-01-13",0.67975,{"date":1427,"score":1172,"percentile":1428},"2026-01-14",0.68014,{"date":1430,"score":1172,"percentile":1431},"2026-01-15",0.68018,{"date":1433,"score":1172,"percentile":1434},"2026-01-16",0.68034,{"date":1436,"score":1172,"percentile":1437},"2026-01-17",0.68024,{"date":1439,"score":1172,"percentile":1440},"2026-01-18",0.68013,{"date":1442,"score":1172,"percentile":1443},"2026-01-19",0.68,{"date":1445,"score":1172,"percentile":1446},"2026-01-20",0.6801,{"date":1448,"score":1172,"percentile":1449},"2026-01-21",0.68019,{"date":1451,"score":1172,"percentile":1452},"2026-01-22",0.68029,{"date":1454,"score":1172,"percentile":1455},"2026-01-23",0.68057,{"date":1457,"score":1172,"percentile":1458},"2026-01-24",0.68069,{"date":1460,"score":1172,"percentile":1461},"2026-01-25",0.6804,{"date":1463,"score":1172,"percentile":1464},"2026-01-26",0.6803,{"date":1466,"score":1172,"percentile":1467},"2026-01-27",0.68037,{"date":1469,"score":1172,"percentile":1470},"2026-01-28",0.68049,{"date":1472,"score":1172,"percentile":1470},"2026-01-29",{"date":1474,"score":1172,"percentile":1475},"2026-01-30",0.68056,{"date":1477,"score":1172,"percentile":1478},"2026-01-31",0.6806,{"date":1480,"score":1172,"percentile":1481},"2026-02-01",0.68213,[1483,1493],{"source":1176,"cvss_v2_0":1484,"cvss_v3_0":9,"cvss_v3_1":1489,"cvss_v4_0":9},{"baseScore":1485,"baseSeverity":9,"vectorString":1486,"impactScore":1487,"exploitabilityScore":1488},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":1174,"baseSeverity":1490,"vectorString":1177,"impactScore":1491,"exploitabilityScore":1492},"HIGH",9.8,3.1,{"source":1183,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1494,"cvss_v4_0":9},{"baseScore":1174,"baseSeverity":9,"vectorString":1177,"impactScore":1491,"exploitabilityScore":1492},[1496,1509,1517],{"ecosystem":1497,"name":1498,"vendor":1499,"product":1500,"cpe_part":9,"purl_type":1501,"purl_namespace":1499,"purl_name":1500,"source":9,"versions":1502},"Maven","org.keycloak:keycloak-parent","org.keycloak","keycloak-parent","maven",[1503],{"version":1504,"is_range":1505,"range_type":1506,"version_start":9,"version_start_type":9,"version_end":1507,"version_end_type":1508,"fixed_in":9},"lt3_3_0_Final",true,"ecosystem","3.3.0.Final","excluding",{"ecosystem":9,"name":1510,"vendor":1511,"product":1510,"cpe_part":1512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1513},"keycloak","red hat, inc.","a",[1514],{"version":1515,"is_range":1170,"range_type":1182,"version_start":1515,"version_start_type":1516,"version_end":1515,"version_end_type":1516,"fixed_in":9},"3.4.0","including",{"ecosystem":9,"name":1510,"vendor":1518,"product":1510,"cpe_part":1512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1519},"redhat",[1520],{"version":1521,"is_range":1170,"range_type":1522,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe"]