Skip to main content

Dogtagpki

5 CVEs product

Monthly

CVE-2022-2414 HIGH POC PATCH THREAT This Week

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Dogtagpki
NVD GitHub
CVSS 3.1
7.5
EPSS
85.3%
CVE-2021-20179 HIGH PATCH This Week

A flaw was found in pki-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dogtagpki Certificate System Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-15720 MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-1696 MEDIUM This Month

A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Certificate System Dogtagpki
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2018-1080 HIGH PATCH This Week

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Authentication Bypass Dogtagpki
NVD
CVSS 3.0
8.1
EPSS
1.5%
EPSS 85% CVSS 7.5
HIGH POC PATCH THREAT This Week

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Dogtagpki
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A flaw was found in pki-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dogtagpki Certificate System +2
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Certificate System Dogtagpki
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Authentication Bypass Dogtagpki
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy