It was found that Keycloak instances launched by the Operator are configured with an unsecured management interface enabled. An attacker could use this interface to deploy malicious code, as well as access and modify potentially sensitive information in the app server configuration.
This issue has been addressed in the following products: RHEL-8 based Middleware Containers, via RHSA-2023:1047 (https://access.redhat.com/errata/RHSA-2023:1047).
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4039