VYPR

Pki

by Dogtag

Source repositories

CVEs (2)

  • CVE-2023-4727HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to…

  • CVE-2022-2414Jul 29, 2022
    risk 0.07cvss epss 0.85

    Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.