Certificate System

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-14	CVE-2022-2393	A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. low complexity pki-core-project redhat	5.7
2021-03-15	CVE-2021-20179	A flaw was found in pki-core. network low complexity dogtagpki redhat fedoraproject	8.1
2020-03-31	CVE-2019-10180	A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. network low complexity dogtagpki redhat	4.8
2020-03-20	CVE-2020-1696	A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. network low complexity redhat dogtagpki	5.4
2018-07-26	CVE-2017-7509	Improper Input Validation vulnerability in Redhat Certificate System An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. network low complexity redhat CWE-20	6.5