Vulnerabilities > Dogtagpki

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2022-4132 Memory Leak vulnerability in multiple products
A flaw was found in JSS.
network
high complexity
dogtagpki redhat CWE-401
5.9
5.9
2022-08-24 CVE-2021-4213 Memory Leak vulnerability in multiple products
A flaw was found in JSS, where it did not properly free up all memory.
network
low complexity
dogtagpki redhat debian CWE-401
7.5
7.5
2022-07-29 CVE-2022-2414 XXE vulnerability in Dogtagpki
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
network
low complexity
dogtagpki CWE-611
7.5
7.5
2022-02-16 CVE-2021-3551 Cleartext Storage of Sensitive Information vulnerability in multiple products
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. 		7.8
7.8
2021-05-28 CVE-2020-25715 Cross-site Scripting vulnerability in Dogtagpki 10.9.0
A flaw was found in pki-core 10.9.0.
network
low complexity
dogtagpki CWE-79
6.1
6.1
2021-04-30 CVE-2020-1721 Cross-site Scripting vulnerability in Dogtagpki 10.10.5
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability.
network
low complexity
dogtagpki CWE-79
6.1
6.1
2021-03-15 CVE-2021-20179 Incorrect Authorization vulnerability in multiple products
A flaw was found in pki-core.
network
low complexity
dogtagpki redhat fedoraproject CWE-863
8.1
8.1
2020-07-14 CVE-2020-15720 Improper Certificate Validation vulnerability in Dogtagpki
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.
network
high complexity
dogtagpki CWE-295
6.8
6.8
2020-03-31 CVE-2019-10180 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability.
network
low complexity
dogtagpki redhat CWE-79
4.8
4.8
2020-03-20 CVE-2020-1696 Cross-site Scripting vulnerability in multiple products
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed.
network
low complexity
redhat dogtagpki CWE-79
5.4
5.4