Lucene search
K
RedhatCertificate System

18 matches found

CVE
CVE
added 2021/03/15 12:1 p.m.219 views

CVE-2021-20179

CVE-2021-20179 affects pki-core: an attacker who has compromised a key could renew the same certificate repeatedly as long as it isn’t revoked. Connected Nessus entries (MiracleLinux, Alibaba Cloud Linux, Rocky Linux, RHEL/Rocky family, NewStart CGSL, Oracle Linux, etc.) reference the same flaw i...

8.1CVSS7.6AI score0.01187EPSS
CVE
CVE
added 2022/07/14 2:53 p.m.184 views

CVE-2022-2393

CVE-2022-2393 in pki-core describes a flaw where, when directory-based authentication is enabled, an authenticated attacker on an adjacent network can abuse the caServerKeygen_DirUserCert profile to obtain a certificate for another user identity (i.e., a different UID) by populating the Subject f...

5.7CVSS5.2AI score0.00235EPSS
CVE
CVE
added 2020/03/20 1:58 p.m.114 views

CVE-2020-1696

CVE-2020-1696 affects all pki-core 10.x.x versions where the Token Processing Service (TPS) fails to sanitize Profile IDs, enabling Stored XSS when the profile ID is printed. The issue is described as Stored XSS in TPS profile creation/Activity tab across Red Hat advisory references, with an atta...

5.4CVSS5AI score0.00764EPSS
CVE
CVE
added 2020/03/31 4:31 p.m.92 views

CVE-2019-10180

The CVE-2019-10180 issue affects all pki-core 10.x.x versions where the Token Processing Service (TPS) unsafely stored or sanitized token parameters, enabling Stored XSS. The root cause is improper sanitization of several parameters stored for tokens, allowing an attacker who can modify token par...

4.8CVSS4.9AI score0.00737EPSS
CVE
CVE
added 2013/01/04 10:0 p.m.84 views

CVE-2012-4543

CVE-2012-4543 describes multiple XSS vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3. The flaws allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize parameters to the displayCRL script, or (3) nonce variable to the profileProcess sc...

4.3CVSS5.5AI score0.01227EPSS
CVE
CVE
added 2009/05/27 4:0 p.m.73 views

CVE-2009-0588

The CVE-2009-0588 issue affects Red Hat Certificate System 7.3 (RA/Registration Authority) and Dogtag Certificate System, where agent/request/op.cgi processing allowed remote authenticated users to approve certificate requests in arbitrary agent-group queues by manipulating the request ID. Root c...

6.5CVSS6.5AI score0.0131EPSS
Web
CVE
CVE
added 2012/08/13 8:0 p.m.71 views

CVE-2012-2662

CVE-2012-2662 affects Red Hat Certificate System (RHCS) and Dogtag Certificate System. The vulnerability enables multiple cross-site scripting (XSS) in the web interface via unspecified parameters on the System Agent and End Entity pages, allowing remote attackers to inject arbitrary scripts/HTML...

4.3CVSS5.6AI score0.01373EPSS
CVE
CVE
added 2013/01/04 10:0 p.m.69 views

CVE-2012-4555

CVE-2012-4555 affects Red Hat Certificate System (RHCS) pki-tps before version 8.1.3. The vulnerability arises from improper handling of interruptions during token format operations, allowing a remote attacker to cause a denial of service via a NULL pointer dereference, crashing the Apache httpd ...

4CVSS6.7AI score0.01192EPSS
CVE
CVE
added 2014/01/24 4:0 p.m.67 views

CVE-2013-1886

CVE-2013-1886 is a format-string vulnerability in Red Hat Certificate System (RHCS) pki-tps (token processing system). The flaw, affecting RHCS 8.1 and possibly Dogtag Certificate System 9–10, could allow a remote authenticated user to crash the Apache HTTP Server or potentially execute arbitrary...

7.5CVSS7.5AI score0.0222EPSS
CVE
CVE
added 2010/11/17 3:0 p.m.66 views

CVE-2010-3869

CVE-2010-3869 affects Red Hat Certificate System (RHCS) 7.3/8 and Dogtag Certificate System, enabling remote authenticated users to generate an unlimited number of certificates by replaying a single SCEP one-time PIN. The associated Red Hat advisory RHSA-2010:0837/0838 documents this alongside re...

4CVSS6.5AI score0.00781EPSS
CVE
CVE
added 2010/11/17 3:0 p.m.61 views

CVE-2010-3868

CVE-2010-3868 affects Red Hat Certificate System (RHCS) 7.3/8 and Dogtag Certificate System: unauthenticated decryption of SCEP one-time PINs in SCEP requests allows remote attackers who sniff the network to obtain PINs. Red Hat/RHSA advisories (0837/0838) fix this by restricting decryption to au...

5.8CVSS7AI score0.01284EPSS
CVE
CVE
added 2012/08/13 8:0 p.m.60 views

CVE-2012-3367

CVE-2012-3367 affects Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System. Root cause: the web interface failed to properly validate certificate revocation requests, allowing an agent with permissions to revoke end-entity certificates to revoke the CA certificate. Impact:...

5.5CVSS6.8AI score0.01163EPSS
CVE
CVE
added 2014/01/24 4:0 p.m.60 views

CVE-2013-1885

CVE-2013-1885 affects Red Hat Certificate System (RHCS) 8.1 (and possibly Dogtag Certificate System 9/10) via the pki-tps component. A cross-site scripting flaw allows remote attackers to inject arbitrary web script or HTML by manipulating PATH_INFO (to tus/ or tus/tus/). The issue stems from ins...

4.3CVSS5.8AI score0.01237EPSS
Web
CVE
CVE
added 2009/01/30 7:0 p.m.59 views

CVE-2008-5082

The CVE-2008-5082 issue affects Red Hat Certificate System (RHCS) 7.1–7.3 and Dogtag Certificate System 1.0, where the TPS verifyProof function could succeed enrollment with a software key even when a hardware key was expected. This allows remote authenticated users with enrollment privileges to ...

6CVSS6.7AI score0.00775EPSS
CVE
CVE
added 2018/07/26 4:0 p.m.59 views

CVE-2017-7509

CVE-2017-7509 affects the Red Hat Certificate System prior to version 8.1.20-1. Root cause: input validation error in handling of client-provided certificates when the certreq field is missing, triggering an assertion error and causing a denial of service. Impact: denial of service with partial t...

6.5CVSS6.4AI score0.00735EPSS
CVE
CVE
added 2009/01/20 4:0 p.m.57 views

CVE-2008-2367

CVE-2008-2367 affects Red Hat Certificate System 7.2. The root cause is insecure default file permissions on configuration files (e.g., password.conf) allowing local attackers to read sensitive credentials. Connected advisories note remediation via updated packages for Red Hat Certificate System ...

2.1CVSS6.6AI score0.00243EPSS
CVE
CVE
added 2009/01/20 4:0 p.m.55 views

CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in debug/log files (e.g., UserDirEnrollment log and RA wizard installer log) and uses weak file permissions, enabling local read access. The issue is fixed in Red Hat advisories RHSA-2009:0006/0007 by updating pkisetup, rhpki-* and rela...

2.1CVSS6.6AI score0.00243EPSS
CVE
CVE
added 2013/01/04 10:0 p.m.53 views

CVE-2012-4556

CVE-2012-4556 affects Red Hat Certificate System (RHCS) under the token processing component pki-tps. The issue allows remote attackers to cause a denial-of-service by triggering an Apache httpd child process restart through certain unspecified empty search fields in a user certificate search que...

4CVSS6.8AI score0.01192EPSS