Vulnerabilities > Dogtagpki > Dogtagpki > 10.8.3

DATE CVE VULNERABILITY TITLE RISK
2022-07-29 CVE-2022-2414 XXE vulnerability in Dogtagpki
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
network
low complexity
dogtagpki CWE-611
7.5
2021-03-15 CVE-2021-20179 A flaw was found in pki-core.
network
low complexity
dogtagpki redhat fedoraproject
8.1
2020-07-14 CVE-2020-15720 Improper Certificate Validation vulnerability in Dogtagpki
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.
network
high complexity
dogtagpki CWE-295
6.8
2020-03-31 CVE-2019-10180 A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability.
network
low complexity
dogtagpki redhat
4.8
2020-03-20 CVE-2020-1696 A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed.
network
low complexity
redhat dogtagpki
5.4
2020-03-20 CVE-2019-10221 Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
network
low complexity
redhat dogtagpki CWE-79
6.1
2020-03-20 CVE-2019-10179 A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat dogtagpki
6.1