rpm package
almalinux/idm-pki-symkey
pkg:rpm/almalinux/idm-pki-symkey
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4727 | High | 7.5 | | < 10.15.1-1.module_el8.10.0+3868+cdab0fd8 | 10.15.1-1.module_el8.10.0+3868+cdab0fd8 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal |
| CVE-2022-2414 | — | | | < 10.12.0-4.module_el8.7.0+3316+50b99934 | 10.12.0-4.module_el8.7.0+3316+50b99934 | Jul 29, 2022 | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. |