Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0975
HistoryMar 23, 2021 - 2:56 p.m.

(RHSA-2021:0975) Important: pki-core security update

2021-03-2314:56:13
access.redhat.com
48

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

  • pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

  • pki-core: XSS in the certificate search results (CVE-2020-25715)

  • pki-core: Reflected XSS in ‘path length’ constraint field in CA’s Agent page (CVE-2019-10146)

  • pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA’s DRM agent page in authorize recovery tab (CVE-2019-10179)

  • pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

  • pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7s390xpki-core-debuginfo< 10.5.16-7.el7_7pki-core-debuginfo-10.5.16-7.el7_7.s390x.rpm
RedHat7noarchpki-javadoc< 10.5.16-7.el7_7pki-javadoc-10.5.16-7.el7_7.noarch.rpm
RedHat7ppc64pki-core-debuginfo< 10.5.16-7.el7_7pki-core-debuginfo-10.5.16-7.el7_7.ppc64.rpm
RedHat7ppc64pki-tools< 10.5.16-7.el7_7pki-tools-10.5.16-7.el7_7.ppc64.rpm
RedHat7x86_64pki-symkey< 10.5.16-7.el7_7pki-symkey-10.5.16-7.el7_7.x86_64.rpm
RedHat7ppc64pki-symkey< 10.5.16-7.el7_7pki-symkey-10.5.16-7.el7_7.ppc64.rpm
RedHat7ppc64lepki-core-debuginfo< 10.5.16-7.el7_7pki-core-debuginfo-10.5.16-7.el7_7.ppc64le.rpm
RedHat7noarchpki-server< 10.5.16-7.el7_7pki-server-10.5.16-7.el7_7.noarch.rpm
RedHat7ppc64lepki-symkey< 10.5.16-7.el7_7pki-symkey-10.5.16-7.el7_7.ppc64le.rpm
RedHat7noarchpki-ca< 10.5.16-7.el7_7pki-ca-10.5.16-7.el7_7.noarch.rpm
Rows per page:
1-10 of 181

Related

centos 1
nessus 26
amazon 1
redhat 5
oraclelinux 3
veracode 6
osv 8
redhatcve 6
prion 6
ubuntucve 6
cve 6
debiancve 6
almalinux 2
rocky 2
fedora 4
centos
centos
pki security update
2021-03-18 19:15:06
nessus
nessus
CentOS 7 : pki-core (CESA-2021:0851)
2021-03-18 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : pki-core Multiple Vulnerabilities (NS-SA-2022-0029)
2022-05-09 00:00:00
Oracle Linux 7 : pki-core (ELSA-2021-0851)
2021-03-17 00:00:00
amazon
amazon
Important: pki-core
2021-04-20 17:55:00
redhat
redhat
(RHSA-2021:0851) Important: pki-core security and bug fix update
2021-03-16 10:25:35
(RHSA-2021:0819) Important: pki-core security update
2021-03-15 12:19:34
(RHSA-2021:1263) Important: pki-core:10.6 security and bug fix update
2021-04-20 09:16:55
oraclelinux
oraclelinux
pki-core security and bug fix update
2021-03-17 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
pki-core:10.6 security update
2021-03-24 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2021-03-17 04:06:15
Cross-Site Scripting (XSS)
2021-03-17 04:06:22
Cross-site Scripting (XSS)
2021-03-17 04:06:12
osv
osv
CVE-2019-10179
2020-03-20 15:15:12
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
CVE-2020-25715
2021-05-28 11:15:07
redhatcve
redhatcve
CVE-2019-10179
2020-02-03 16:47:31
CVE-2020-25715
2021-03-02 15:33:18
CVE-2019-10221
2020-02-04 13:17:35
prion
prion
Cross site scripting
2020-03-20 15:15:00
Cross site scripting
2020-03-20 15:15:00
Cross site scripting
2020-03-18 15:15:00
ubuntucve
ubuntucve
CVE-2019-10179
2020-03-20 00:00:00
CVE-2019-10221
2020-03-20 00:00:00
CVE-2020-25715
2021-05-28 00:00:00
cve
cve
CVE-2019-10179
2020-03-20 15:15:00
CVE-2020-25715
2021-05-28 11:15:00
CVE-2019-10146
2020-03-18 15:15:00
debiancve
debiancve
CVE-2020-25715
2021-05-28 11:15:00
CVE-2019-10179
2020-03-20 15:15:00
CVE-2019-10146
2020-03-18 15:15:00
almalinux
almalinux
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
Important: pki-core:10.6 security update
2021-03-23 10:29:41
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
pki-core:10.6 security update
2021-03-23 10:29:41
fedora
fedora
[SECURITY] Fedora 34 Update: pki-core-10.10.5-6.fc34
2021-03-19 20:32:19
[SECURITY] Fedora 34 Update: dogtag-pki-10.10.5-3.fc34
2021-03-19 20:32:19
[SECURITY] Fedora 32 Update: pki-core-10.10.5-5.fc32
2021-03-20 01:15:39

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON
Related for RHSA-2021:0975
centos1nessus26amazon1redhat5oraclelinux3veracode6osv8redhatcve6prion6ubuntucve6cve6debiancve6almalinux2rocky2fedora4