VYPR

Dogtag

by Red Hat

CVEs (3)

  • CVE-2023-4727HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to…

  • CVE-2018-1080HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.02

    Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny),…

  • CVE-2021-3551Feb 16, 2022
    risk 0.00cvss epss 0.00

    A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager.…