Vulnerabilities > Dogtagpki

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2019-10221 Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
network
low complexity
redhat dogtagpki CWE-79
6.1
2020-03-20 CVE-2019-10179 A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat dogtagpki
6.1
2020-03-18 CVE-2019-10178 Unspecified vulnerability in Dogtagpki
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability.
network
low complexity
dogtagpki
6.1
2020-03-18 CVE-2019-10146 A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page.
network
high complexity
redhat dogtagpki
4.7
2018-07-26 CVE-2017-7537 It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4.
network
low complexity
redhat dogtagpki
7.5
2018-07-03 CVE-2018-1080 Unspecified vulnerability in Dogtagpki
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed.
network
high complexity
dogtagpki
8.1