Filtered by vendor Redhat Subscriptions
Filtered by product Certificate System Eus Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4727 1 Redhat 6 Certificate System Eus, Enterprise Linux, Rhel Aus and 3 more 2024-12-06 7.5 High
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
CVE-2020-1696 2 Dogtagpki, Redhat 3 Dogtagpki, Certificate System, Certificate System Eus 2024-11-21 4.6 Medium
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2019-10180 2 Dogtagpki, Redhat 3 Dogtagpki, Certificate System, Certificate System Eus 2024-11-21 2.4 Low
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
CVE-2019-10178 2 Dogtagpki, Redhat 3 Dogtagpki, Certificate System, Certificate System Eus 2024-11-21 4.6 Medium
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.