Vulnerabilities > Dogtagpki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-20 | CVE-2019-10221 | Cross-site Scripting vulnerability in multiple products A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. | 6.1 |
| 2020-03-20 | CVE-2019-10179 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-03-18 | CVE-2019-10178 | Cross-site Scripting vulnerability in Dogtagpki It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-03-18 | CVE-2019-10146 | Cross-site Scripting vulnerability in multiple products A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. | 4.7 |
| 2018-07-26 | CVE-2017-7537 | DEPRECATED: Authentication Bypass Issues vulnerability in multiple products It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. | 7.5 |
| 2018-07-03 | CVE-2018-1080 | Unspecified vulnerability in Dogtagpki Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. | 8.1 |