PT-2021-9719 · Red Hat · Red Hat Single Sign-On

Dave Baker · Published 2021-01-12 · Updated 2021-01-19 · CVE-2020-14341

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On versions 7.x

Description: The issue allows an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of their choosing, originating from the RHSSO installation. By observing differences in the timing of these connection attempts, an attacker can gather information about hosts and ports they are not able to scan directly.

Recommendations: For Red Hat Single Sign-On version 7.x, restrict access to the "Test Connection" feature in the application console to minimize the risk of exploitation. As a temporary workaround, disabling the "Test Connection" functionality may help until a permanent fix is available.
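The class of issue described above is an admin feature that opens outbound connections to a user-supplied host and port. The following Python example is added here for illustration and is not part of this advisory or of Red Hat's fix: it shows the kind of target check a "Test Connection" handler can run before opening an SMTP socket, so that only the deployment's configured mail relays can be contacted and nothing resolving to an internal address is ever probed. The allowlist, hostnames and resolver results are constructed, and `check_smtp_target`, `is_non_public` and `default_resolver` are hypothetical names. It goes beyond the page's own recommendation (restricting who may use the feature) by also showing the network-level check a hardened implementation would apply.

```python
import ipaddress
import socket

# Added illustration (not Red Hat's code): before an admin-facing "Test
# Connection" feature opens an SMTP socket, check the requested target against
# an explicit allowlist of (host, port) pairs and refuse anything that resolves
# to a loopback, private, link-local or otherwise non-public address. That
# stops the feature from being used to probe arbitrary hosts and ports.

# Constructed allowlist: the mail relays this deployment is actually meant to use.
ALLOWED_SMTP_TARGETS = frozenset({
    ("smtp.example.org", 25),
    ("smtp.example.org", 587),
})


def default_resolver(host):
    """Resolve a hostname to the set of IP address strings it maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_non_public(ip_text):
    """True for loopback, private (RFC 1918 / ULA), link-local, shared (CGNAT),
    multicast, reserved, documentation or unspecified addresses, i.e. anything
    the ipaddress module does not consider globally routable."""
    return not ipaddress.ip_address(ip_text).is_global


def check_smtp_target(host, port, allowlist=ALLOWED_SMTP_TARGETS,
                      resolver=default_resolver):
    """Return (allowed, reason).

    Only an allowlisted (host, port) pair whose every resolved address is
    publicly routable is accepted. The resolver is injectable so the check can
    be exercised without network access; the reason string is meant for the
    server log, not for the caller (see usage note).
    """
    host = host.strip().lower()
    port = int(port)
    if not 1 <= port <= 65535:
        return False, "port out of range"
    if (host, port) not in allowlist:
        return False, "target not in SMTP allowlist"
    try:
        addresses = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"resolution failed: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    bad = sorted(a for a in addresses if is_non_public(a))
    if bad:
        # Catches an allowlisted name that points (or is re-pointed) at an
        # internal address; every resolved address must be public.
        return False, "host resolves to non-public address(es): " + ", ".join(bad)
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver results so the demo runs offline.
    fake = lambda h: {"smtp.example.org": {"1.2.3.4"}}.get(h, set())
    for target in [("smtp.example.org", 587), ("smtp.example.org", 22),
                   ("10.0.0.5", 22), ("localhost", 25)]:
        print(target, check_smtp_target(*target, resolver=fake))
```

The reason string belongs in the server-side log. The response returned to the console user should be the same fixed message whether the target was rejected by the allowlist, failed to resolve, or refused the connection, so that neither the message nor its timing leaks anything about hosts the user is not permitted to reach.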

Fix


Weakness Enumeration

Related Identifiers

CVE-2020-14341

Affected Products

Red Hat Single Sign-On