Latest Dogtagpki Vulnerabilities

CVE-2022-4132
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
Dogtagpki Network Security Services For Java<5.5.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/jss<5.5.0
CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sendi...
Dogtagpki Dogtagpki=10.5.18
Dogtagpki Dogtagpki=10.7.4
Dogtagpki Dogtagpki=10.8.3
Dogtagpki Dogtagpki=10.11.2
Dogtagpki Dogtagpki=10.12.4
Dogtagpki Dogtagpki=11.0.5
and 4 more
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file t...
Dogtagpki Dogtagpki>=10.10.0<10.10.6
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Linux=8
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Eus=8.4
and 7 more
CVE-2021-4213
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force t...
Dogtagpki Network Security Services For Java<4.9.3
Dogtagpki Network Security Services For Java>=5.0.0<5.1.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/jss<=4.5.1-1<=4.8.0-2
and 2 more
CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked...
Dogtagpki Dogtagpki<10.5.0
Dogtagpki Dogtagpki>=10.5.1<10.8.0
Dogtagpki Dogtagpki>=10.8.1<10.9.0
Dogtagpki Dogtagpki>=10.9.1<10.10.0
Dogtagpki Dogtagpki>=10.10.1<10.11.0
Redhat Certificate System=10.0
and 12 more
CVE-2020-25715
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get autom...
redhat/pki-core<0:10.5.18-12.el7_9
redhat/pki-core<0:10.5.9-15.el7_6
redhat/pki-core<0:10.5.16-7.el7_7
Dogtagpki Dogtagpki=10.9.0
redhat/pki-core<10.9.0
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not p...
Dogtagpki Dogtagpki<=10.8.3
CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability wh...
Redhat Certificate System=9.0
Redhat Certificate System=10.0
Dogtagpki Dogtagpki>=10.0<=10.8.3
CVE-2019-10178
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated at...
Dogtagpki Dogtagpki
CVE-2020-1721
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site...
Dogtagpki Dogtagpki=10.10.5
redhat/pki-core<0:10.5.18-12.el7_9
redhat/pki-core<0:10.5.9-15.el7_6
redhat/pki-core<0:10.5.16-7.el7_7
CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL p...
redhat/pki<10.9.0
redhat/pki-core<0:10.5.18-12.el7_9
redhat/pki-core<0:10.5.9-15.el7_6
redhat/pki-core<0:10.5.16-7.el7_7
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 1 more
CVE-2019-10146
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server. In the /ca/agent/ca/profileProcess form, the basicConstraintsPathLen parameter is not properly sanitized...
redhat/pki-core<0:10.5.18-12.el7_9
redhat/pki-core<0:10.5.9-15.el7_6
redhat/pki-core<0:10.5.16-7.el7_7
Redhat Enterprise Linux=7.0
Dogtagpki Dogtagpki>=10.0<=10.7.3
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site ...
redhat/pki-core<0:10.5.18-12.el7_9
redhat/pki-core<0:10.5.9-15.el7_6
redhat/pki-core<0:10.5.16-7.el7_7
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Dogtagpki Dogtagpki>=10.0<=10.8.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203