15 matches found
MiracleLinux 7 : pki-core-10.5.18-23.el7 (AXSA:2022-3912:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3912:03 advisory. pki-core: When using the caServerKeygenDirUserCert profile, user can get certificates for other UIDs by entering name in Subject field CVE-2022-2393 Tenable...
Linux Distros Unpatched Vulnerability : CVE-2022-2393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw...
RHEL 7 : Red Hat Certificate System 9.7 CVE update (Moderate) (RHSA-2022:7077)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7077 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: CVE-2022-2393 pki-core:...
Amazon Linux 2 : pki-core (ALAS-2023-2304)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2304 advisory. A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the...
Medium: pki-core
Issue Overview: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but...
Important: Red Hat Security Advisory: pki-core:10.6 security update
An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Oracle Linux 9 : pki-core (ELSA-2023-2293)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2293 advisory. - Bug 2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygenDirUserCert profile - Bug 2107336 - CVE-2022-2414 pki-core:...
AlmaLinux 9 : pki-core (ALSA-2023:2293)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2293 advisory. - A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw...
RHEL 9 : pki-core (RHSA-2023:2293)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2293 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core: When using the...
Moderate: Red Hat Security Advisory: pki-core security, bug fix, and enhancement update
An update for jss, ldapjdk, pki-core, and tomcatjss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Moderate: Red Hat Security Advisory: Red Hat Certificate System 9.7 CVE bug fix update
Updated CVE security packages are now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
pki-core security update
10.5.18-23 - - RHEL 7.9 Batch Update 18: - - Bugzilla Bug 2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE rhel-7.9.z ckelley, mharmsen - Bugzilla Bug 2111514 - CVE-2022-2393 pki-core: When using the caServerKeygenDirUserCert profile, user can get...
Oracle Linux 7 : pki-core (ELSA-2022-7086)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7086 advisory. - Bugzilla Bug 2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE rhel-7.9.z ckelley, mharmsen - Bugzilla Bug 211151...
RHEL 7 : pki-core (RHSA-2022:7086)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7086 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core: When using the...
CVE-2022-2393
CVE-2022-2393 in pki-core describes a flaw where, when directory-based authentication is enabled, an authenticated attacker on an adjacent network can abuse the caServerKeygen_DirUserCert profile to obtain a certificate for another user identity (i.e., a different UID) by populating the Subject f...