Vulnerabilities > Dogtagpki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-04 | CVE-2022-4132 | Memory Leak vulnerability in multiple products A flaw was found in JSS. | 5.9 |
2022-08-24 | CVE-2021-4213 | Memory Leak vulnerability in multiple products A flaw was found in JSS, where it did not properly free up all memory. | 7.5 |
2022-07-29 | CVE-2022-2414 | XXE vulnerability in Dogtagpki Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. | 7.5 |
2022-02-16 | CVE-2021-3551 | Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. | 7.8 |
2021-05-28 | CVE-2020-25715 | Cross-site Scripting vulnerability in Dogtagpki 10.9.0 A flaw was found in pki-core 10.9.0. | 6.1 |
2021-04-30 | CVE-2020-1721 | Cross-site Scripting vulnerability in Dogtagpki 10.10.5 A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. | 6.1 |
2021-03-15 | CVE-2021-20179 | Incorrect Authorization vulnerability in multiple products A flaw was found in pki-core. | 8.1 |
2020-07-14 | CVE-2020-15720 | Improper Certificate Validation vulnerability in Dogtagpki In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. | 6.8 |
2020-03-31 | CVE-2019-10180 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. | 4.8 |
2020-03-20 | CVE-2020-1696 | Cross-site Scripting vulnerability in multiple products A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. | 5.4 |