Keeper Connection Manager Security Advisories

Vulnerability Disclosure Program

Keeper has partnered with Bugcrowd to manage our vulnerability disclosure program. Please submit reports through https://bugcrowd.com/keepersecurity or send an email to security@keepersecurity.com.

| Severity (CVSS v3.1 score) | CVE ID | Description | Fixed in Keeper Connection Manager (or legacy Glyptodon) release |
|---|---|---|---|
| Low (1.8) | CVE-2020-9497 | Improper input validation of RDP static virtual channels | 1.13, 2.1 |
| Medium (5.9) | CVE-2020-9498 | Dangling pointer in RDP static virtual channel handling | 1.13, 2.1 |
| Medium (4.1) | CVE-2020-11997 | Inconsistent restriction of connection history visibility | 1.14, 2.2 |
| Medium (4.4) | CVE-2021-41767 | Private tunnel identifier may be included in the non-private details of active connections | 1.16, 2.6 |
| High (8.7) | CVE-2021-43999 | Improper validation of SAML responses | 2.7 |

Severity rating scale

Keeper evaluates the factual details of each known vulnerability affecting Keeper Connection Manager and assigns a severity rating using the CVSS v3.1 scoring system, a standard owned by FIRST.Org, Inc. that FIRST has made freely available for public use. This scoring system produces a numeric rating between 0.0 and 10.0, which is then classified according to the "Qualitative Severity Rating Scale" published with the CVSS standard. The specific analysis behind each assigned score is given in the advisory document for that vulnerability, linked from the main table above.

| Severity | CVSS score range |
|---|---|
| None | 0.0 |
| Low | 0.1 - 3.9 |
| Medium | 4.0 - 6.9 |
| High | 7.0 - 8.9 |
| Critical | 9.0 - 10.0 |