Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Dogtagpki Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3551 4 Dogtagpki, Fedoraproject, Oracle and 1 more 12 Dogtagpki, Fedora, Linux and 9 more 2022-02-28 4.4 MEDIUM 7.8 HIGH
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20179 3 Dogtagpki, Fedoraproject, Redhat 4 Dogtagpki, Fedora, Certificate System and 1 more 2021-03-24 5.5 MEDIUM 8.1 HIGH
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2018-1080 1 Dogtagpki 1 Dogtagpki 2019-10-09 6.8 MEDIUM 8.1 HIGH
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
CVE-2017-7537 2 Dogtagpki, Redhat 4 Dogtagpki, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2019-10-09 5.0 MEDIUM 7.5 HIGH
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.