A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attackers own session with the client with a victims identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.