rpm package
almalinux/idm-tomcatjss
pkg:rpm/almalinux/idm-tomcatjss
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4727 | Hig | 7.5 | < 7.8.0-1.module_el8.10.0+3801+17b19a60 | 7.8.0-1.module_el8.10.0+3801+17b19a60 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal |
- affected < 7.8.0-1.module_el8.10.0+3801+17b19a60fixed 7.8.0-1.module_el8.10.0+3801+17b19a60
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal