search

Security Advisories

Keeper Connection Manager Security Advisories

circle-exclamation

hashtag
Vulnerability Disclosure Program

Keeper has partnered with Bugcrowd to manage our vulnerability disclosure program. Please submit reports through https://bugcrowd.com/keepersecurityarrow-up-right or send an email to [email protected].

Severity (CVSS v3.1 score)
CVE ID
Description
Fixed in Keeper Connection Manager (or legacy Glyptodon) Release

Low (1.8)

CVE-2020-9497

Improper input validation of RDP static virtual channels

1.13, 2.1

Medium (5.9)

CVE-2020-9498

Dangling pointer in RDP static virtual channel handling

1.13, 2.1

Medium (4.1)

CVE-2020-11997

Inconsistent restriction of connection history visibility

1.14, 2.2

Medium (4.4)

CVE-2021-41767

Private tunnel identifier may be included in the non-private details of active connections

1.16, 2.6

High (8.7)

CVE-2021-43999

Improper validation of SAML responses

2.7

hashtag
Severity rating scale

Keeper Connection Manager evaluates the factual details of each known vulnerability affecting Keeper Connection Manager and assigns severity ratings using the CVSS v3.1 scoring systemarrow-up-right, a standard owned by FIRST.Org, Inc.arrow-up-right which FIRST has made freely available for public use. This scoring system produces a numeric rating between 0.0 and 10.0, which we then classify according to the "Qualitative Severity Rating Scale" published with the CVSS standardarrow-up-right. The specific analysis that went into each assigned score can also be found within the document specific to the vulnerability, linked within the main table above.

Severity
CVSS score range

None

0.0

Low

0.1 - 3.9

Medium

4.0 - 6.9

High

7.0 - 8.9

Critical

9.0 - 10.0

PreviousScope of SupportNextCVE-2020-9497: Improper input validation of RDP static virtual channels

Last updated

Was this helpful?