Redhat Certificate System — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Certificate System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-20179 — CVSS 8.1 (high): A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate…
CVE-2013-1886 — CVSS 7.5 (high): Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag…
CVE-2009-0588 — CVSS 6.5 (medium): agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System…
CVE-2008-5082 — CVSS 6.0 (medium): The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag…
CVE-2010-3868 — CVSS 5.8 (medium): Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP…
CVE-2022-2393 — CVSS 5.7 (medium): A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication…
CVE-2012-3367 — CVSS 5.5 (medium): Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made…
CVE-2020-1696 — CVSS 4.6 (medium): A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs…
CVE-2012-2662 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow…
CVE-2012-4543 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject…
CVE-2013-1885 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and…
CVE-2012-4555 — CVSS 4.0 (medium): The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token…
CVE-2010-3869 — CVSS 4.0 (medium): Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number…
CVE-2012-4556 — CVSS 4.0 (medium): The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of…
CVE-2017-7509 — CVSS 3.5 (low): An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the…
CVE-2019-10180 — CVSS 2.4 (low): A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several…
CVE-2008-2367 — CVSS 2.1 (low): Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows…
CVE-2008-2368 — CVSS 2.1 (low): Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified…