5 matches found
ca: token authentication bypass vulnerability
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...
DEBIAN-CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority KRA Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting XSS vulnerability. An attacker could trick an authenticated victim into executing special...
Unspecified Vulnerability in Oracle Financial Services Analytical Applications Infrastructure Component
Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking, and property management.Oracle Financial Services Analytical Applications Oracle Financial Services Analytical Applications Infrastructure is one of the financial services...
CVE-2018-2660
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network...