10.8.3

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-29	CVE-2022-2414	XXE vulnerability in Dogtagpki Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. network low complexity dogtagpki CWE-611	7.5
2021-03-15	CVE-2021-20179	A flaw was found in pki-core. network low complexity dogtagpki redhat fedoraproject	8.1
2020-07-14	CVE-2020-15720	Improper Certificate Validation vulnerability in Dogtagpki In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. network high complexity dogtagpki CWE-295	6.8
2020-03-31	CVE-2019-10180	A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. network low complexity dogtagpki redhat	4.8
2020-03-20	CVE-2020-1696	A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. network low complexity redhat dogtagpki	5.4
2020-03-20	CVE-2019-10221	Cross-site Scripting vulnerability in multiple products A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. network low complexity redhat dogtagpki CWE-79	6.1
2020-03-20	CVE-2019-10179	A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. network low complexity redhat dogtagpki	6.1