Vulnerabilities > Dogtagpki > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2021-4213 | Memory Leak vulnerability in multiple products A flaw was found in JSS, where it did not properly free up all memory. | 7.5 |
| 2022-07-29 | CVE-2022-2414 | XXE vulnerability in Dogtagpki Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. | 7.5 |
| 2022-02-16 | CVE-2021-3551 | Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. | 7.8 |
| 2021-03-15 | CVE-2021-20179 | A flaw was found in pki-core. | 8.1 |
| 2018-07-26 | CVE-2017-7537 | It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. | 7.5 |
| 2018-07-03 | CVE-2018-1080 | Unspecified vulnerability in Dogtagpki Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. | 8.1 |