VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Dogtagpki
>
Dogtagpki
> 10.2.5
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-03-15
CVE-2021-20179
A flaw was found in pki-core.
network
low complexity
dogtagpki
redhat
fedoraproject
8.1
8.1
2020-07-14
CVE-2020-15720
Improper Certificate Validation vulnerability in Dogtagpki
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.
network
high complexity
dogtagpki
CWE-295
6.8
6.8
2020-03-31
CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability.
network
low complexity
dogtagpki
redhat
4.8
4.8
2020-03-20
CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed.
network
low complexity
redhat
dogtagpki
5.4
5.4
2020-03-20
CVE-2019-10221
Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
network
low complexity
redhat
dogtagpki
CWE-79
6.1
6.1
2020-03-20
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat
dogtagpki
6.1
6.1
2020-03-18
CVE-2019-10146
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page.
network
high complexity
redhat
dogtagpki
4.7
4.7
2018-07-26
CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4.
network
low complexity
redhat
dogtagpki
7.5
7.5
2018-07-03
CVE-2018-1080
Unspecified vulnerability in Dogtagpki
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed.
network
high complexity
dogtagpki
8.1
8.1